Merge pull request #27089 from dmandalidis/27029-docs

Update volume options (fixes #27029)
Addressed feedback
2026-01-12 11:11:44 +00:00 · 2017-02-10 10:30:11 -05:00 · 2017-01-26 12:10:59 -08:00 · 2016-10-20 10:59:20 +03:00 · 2016-06-17 14:26:52 +10:00 · 2016-06-16 19:52:35 -07:00
4681 changed files with 220252 additions and 640053 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,4 +1,3 @@
 bundles
 .gopath
 vendor/pkg
-.go-pkg-cache
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -12,17 +12,6 @@ will, however, reopen it if you later provide the information.
 For more information about reporting issues, see
 https://github.com/docker/docker/blob/master/CONTRIBUTING.md#reporting-other-issues

---------------------------------------------------
-GENERAL SUPPORT INFORMATION
---------------------------------------------------
-
-The GitHub issue tracker is for bug reports and feature requests.
-General support can be found at the following locations:
-
- Docker Support Forums - https://forums.docker.com
- IRC - irc.freenode.net #docker channel
- Post a question on StackOverflow, using the Docker tag
-
 ---------------------------------------------------
 BUG REPORT INFORMATION
 ---------------------------------------------------
@@ -30,31 +19,13 @@ Use the commands below to provide key information from your environment:
 You do NOT have to include this information if this is a FEATURE REQUEST
 -->

-**Description**
-
-<!--
-Briefly describe the problem you are having in a few paragraphs.
-->
-
-**Steps to reproduce the issue:**
-1.
-2.
-3.
-
-**Describe the results you received:**
-
-
-**Describe the results you expected:**
-
-
-**Additional information you deem important (e.g. issue happens only occasionally):**
-
 **Output of `docker version`:**

 ```
 (paste your output here)
 ```

+
 **Output of `docker info`:**

 ```
@@ -62,3 +33,19 @@ Briefly describe the problem you are having in a few paragraphs.
 ```

 **Additional environment details (AWS, VirtualBox, physical, etc.):**
+
+
+
+**Steps to reproduce the issue:**
+1.
+2.
+3.
+
+
+**Describe the results you received:**
+
+
+**Describe the results you expected:**
+
+
+**Additional information you deem important (e.g. issue happens only occasionally):**
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -19,12 +19,5 @@ Please provide the following information:

 **- How to verify it**

-**- Description for the changelog**
-<!--
-Write a short (one line) summary that describes the changes in this
-pull request for inclusion in the changelog:
-->
-
-
 **- A picture of a cute animal (not mandatory but encouraged)**

--- a/.gitignore
+++ b/.gitignore
@@ -7,17 +7,11 @@
 *.test
 .*.swp
 .DS_Store
-# a .bashrc may be added to customize the build environment
-.bashrc
-.editorconfig
 .gopath/
-.go-pkg-cache/
 autogen/
 bundles/
-cmd/dockerd/dockerd
-cmd/docker/docker
+docker/docker
 dockerversion/version_autogen.go
-dockerversion/version_autogen_unix.go
 docs/AWS_S3_BUCKET
 docs/GITCOMMIT
 docs/GIT_BRANCH
--- a/.mailmap
+++ b/.mailmap
@@ -90,7 +90,6 @@ Sven Dowideit <SvenDowideit@home.org.au>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@fosiki.com>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@docker.com>
 Sven Dowideit <SvenDowideit@home.org.au> <¨SvenDowideit@home.org.au¨>
-Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@home.org.au>
 Sven Dowideit <SvenDowideit@home.org.au> <SvenDowideit@users.noreply.github.com>
 Sven Dowideit <SvenDowideit@home.org.au> <sven@t440s.home.gateway>
 <alexl@redhat.com> <alexander.larsson@gmail.com>
@@ -137,14 +136,11 @@ Hollie Teal <hollie@docker.com>
 <hollie@docker.com> <hollie.teal@docker.com>
 <hollie@docker.com> <hollietealok@users.noreply.github.com>
 <huu@prismskylabs.com> <whoshuu@gmail.com>
-Jessica Frazelle <jessfraz@google.com>
-Jessica Frazelle <jessfraz@google.com> <me@jessfraz.com>
-Jessica Frazelle <jessfraz@google.com> <jess@mesosphere.com>
-Jessica Frazelle <jessfraz@google.com> <jfrazelle@users.noreply.github.com>
-Jessica Frazelle <jessfraz@google.com> <acidburn@docker.com>
-Jessica Frazelle <jessfraz@google.com> <acidburn@google.com>
-Jessica Frazelle <jessfraz@google.com> <jess@docker.com>
-Jessica Frazelle <jessfraz@google.com> <princess@docker.com>
+Jessica Frazelle <jess@mesosphere.com>
+Jessica Frazelle <jess@mesosphere.com> <jfrazelle@users.noreply.github.com>
+Jessica Frazelle <jess@mesosphere.com> <acidburn@docker.com>
+Jessica Frazelle <jess@mesosphere.com> <jess@docker.com>
+Jessica Frazelle <jess@mesosphere.com> <princess@docker.com>
 <konrad.wilhelm.kleine@gmail.com> <kwk@users.noreply.github.com>
 <tintypemolly@gmail.com> <tintypemolly@Ohui-MacBook-Pro.local>
 <estesp@linux.vnet.ibm.com> <estesp@gmail.com>
@@ -163,7 +159,6 @@ Deshi Xiao <dxiao@redhat.com> <xiaods@gmail.com>
 Doug Davis <dug@us.ibm.com> <duglin@users.noreply.github.com>
 Jacob Atzen <jacob@jacobatzen.dk> <jatzen@gmail.com>
 Jeff Nickoloff <jeff.nickoloff@gmail.com> <jeff@allingeek.com>
-John Howard (VM) <John.Howard@microsoft.com> <jhowardmsft@users.noreply.github.com>
 John Howard (VM) <John.Howard@microsoft.com>
 John Howard (VM) <John.Howard@microsoft.com> <john.howard@microsoft.com>
 John Howard (VM) <John.Howard@microsoft.com> <jhoward@microsoft.com>
@@ -239,82 +234,4 @@ Vishnu Kannan <vishnuk@google.com>
 xlgao-zju <xlgao@zju.edu.cn> xlgao <xlgao@zju.edu.cn>
 yuchangchun <yuchangchun1@huawei.com> y00277921 <yuchangchun1@huawei.com> 
 <zij@case.edu> <zjaffee@us.ibm.com>
-<anujbahuguna.dev@gmail.com> <abahuguna@fiberlink.com>
-<eungjun.yi@navercorp.com> <semtlenori@gmail.com>
-<haosw@cn.ibm.com> <haoshuwei1989@163.com>
-Hao Shu Wei <haosw@cn.ibm.com>
-<matt.bentley@docker.com> <mbentley@mbentley.net>
-<MihaiBorob@gmail.com> <MihaiBorobocea@gmail.com>
-<redmond.martin@gmail.com> <xgithub@redmond5.com>
-<redmond.martin@gmail.com> <martin@tinychat.com>
-<srbrahma@us.ibm.com> <sbrahma@us.ibm.com>
-<suda.akihiro@lab.ntt.co.jp> <suda.kyoto@gmail.com>
-<thomas@gazagnaire.org> <thomas@gazagnaire.com>
-Shengbo Song <thomassong@tencent.com> mYmNeo <mymneo@163.com>
-Shengbo Song <thomassong@tencent.com>
-<sylvain@ascribe.io> <sylvain.bellemare@ezeep.com>
-Sylvain Bellemare <sylvain@ascribe.io>
-<alexandre.beslic@gmail.com> <abronan@docker.com>
-<bilal.amarni@gmail.com> <bamarni@users.noreply.github.com>
-<misty@docker.com> <misty@apache.org>
-Arnaud Porterie <arnaud.porterie@docker.com>
-<cpuguy83@gmail.com> <bgoff@cpuguy83-mbp.local>
-David M. Karr <davidmichaelkarr@gmail.com>
-<diogo@docker.com> <diogo.monica@gmail.com>
-<horwitz@addthis.com> <horwitzja@gmail.com>
-<kherner@progress.com> <chosenken@gmail.com>
-Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
-<mauricio@medallia.com> <mauriciogaravaglia@gmail.com>
-<dhenderson@gmail.com> <Dave.Henderson@ca.ibm.com>
-<wkq5325@gmail.com> <wkqwu@cn.ibm.com>
-<mike.goelzer@docker.com> <mgoelzer@docker.com>
-<nicholasjamesrusso@gmail.com> <nicholasrusso@icloud.com>
-Runshen Zhu <runshen.zhu@gmail.com>
-Tom Barlow <tomwbarlow@gmail.com>
-Xianlu Bird <xianlubird@gmail.com>
-Dan Feldman <danf@jfrog.com>
-Harry Zhang <harryz@hyper.sh> <harryzhang@zju.edu.cn>
-Alex Chen <alexchenunix@gmail.com> alexchen <root@localhost.localdomain>
-Alex Ellis <alexellis2@gmail.com>
-Alicia Lauerman <alicia@eta.im> <allydevour@me.com>
-Ben Bonnefoy <frenchben@docker.com>
-Bhumika Bayani <bhumikabayani@gmail.com>
-Bingshen Wang <bingshen.wbs@alibaba-inc.com>
-Chen Chuanliang <chen.chuanliang@zte.com.cn>
-Chen Mingjie <chenmingjie0828@163.com>
-CUI Wei <ghostplant@qq.com> cuiwei13 <cuiwei13@pku.edu.cn>
-Dattatraya Kumbhar <dattatraya.kumbhar@gslab.com>
-Diego Siqueira <dieg0@live.com>
-Evelyn Xu <evelynhsu21@gmail.com>
-Felix Ruess <felix.ruess@gmail.com> <felix.ruess@roboception.de>
-Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
-Gang Qiao <qiaohai8866@gmail.com> <1373319223@qq.com>
-Helen Xie <chenjg@harmonycloud.cn>
-Jacob Tomlinson <jacob@tom.linson.uk> <jacobtomlinson@users.noreply.github.com>
-Jiuyue Ma <majiuyue@huawei.com>
-Jose Diaz-Gonzalez <jose@seatgeek.com> <josegonzalez@users.noreply.github.com>
-Josh Eveleth <joshe@opendns.com> <jeveleth@users.noreply.github.com>
-Josh Wilson <josh.wilson@fivestars.com> <jcwilson@users.noreply.github.com>
-Kevin Kern <kaiwentan@harmonycloud.cn>
-Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> <kunal.kushwaha@gmail.com>
-Lajos Papp <lajos.papp@sequenceiq.com> <lalyos@yahoo.com>
-Lyn <energylyn@zju.edu.cn>
-Michael Käufl <docker@c.michael-kaeufl.de> <michael-k@users.noreply.github.com>
-Michal Minář <miminar@redhat.com>
-Michael Hudson-Doyle <michael.hudson@canonical.com> <michael.hudson@linaro.org>
-Milind Chawre <milindchawre@gmail.com>
-Ma Müller <mueller-ma@users.noreply.github.com>
-Roberto Muñoz Fernández <robertomf@gmail.com> <roberto.munoz.fernandez.contractor@bbva.com>
-Stefan S. <tronicum@user.github.com>
-Sun Gengze <690388648@qq.com>
-Tim Zju <21651152@zju.edu.cn>
-Tõnis Tiigi <tonistiigi@gmail.com>
-Wang Ping <present.wp@icloud.com>
-Wang Yuexiao <wang.yuexiao@zte.com.cn>
-Wewang Xiaorenfine <wang.xiaoren@zte.com.cn>
-Wei Wu <wuwei4455@gmail.com> cizixs <cizixs@163.com>
-Ying Li <ying.li@docker.com> <cyli@twistedmatrix.com>
-Yu Peng <yu.peng36@zte.com.cn>
-Yu Peng <yu.peng36@zte.com.cn> <yupeng36@zte.com.cn>
-Zhenkun Bi <bi.zhenkun@zte.com.cn>
-Zhu Kunjia <zhu.kunjia@zte.com.cn>
+
--- a/319
+++ b/319
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -4,7 +4,7 @@ Want to hack on Docker? Awesome!  We have a contributor's guide that explains
 [setting up a Docker development environment and the contribution
 process](https://docs.docker.com/opensource/project/who-written-for/). 

-[![Contributors guide](docs/static_files/contributors.png)](https://docs.docker.com/opensource/project/who-written-for/)
+![Contributors guide](docs/static_files/contributors.png)

 This page contains information about reporting issues as well as some tips and
 guidelines useful to experienced open source contributors. Finally, make sure
@@ -58,11 +58,51 @@ When sending lengthy log-files, consider posting them as a gist (https://gist.gi
 Don't forget to remove sensitive data from your logfiles before posting (you can
 replace those parts with "REDACTED").

-## Quick contribution tips and guidelines
+**Issue Report Template**:
+
+```
+Description of problem:
+
+
+`docker version`:
+
+
+`docker info`:
+
+
+`uname -a`:
+
+
+Environment details (AWS, VirtualBox, physical, etc.):
+
+
+How reproducible:
+
+
+Steps to Reproduce:
+1.
+2.
+3.
+
+
+Actual Results:
+
+
+Expected Results:
+
+
+Additional info:
+
+
+
+```
+
+
+##Quick contribution tips and guidelines

 This section gives the experienced contributor some tips and guidelines.

-### Pull requests are always welcome
+###Pull requests are always welcome

 Not sure if that typo is worth a pull request? Found a bug and know how to fix
 it? Do it! We will appreciate it. Any significant improvement should be
@@ -92,14 +132,6 @@ However, there might be a way to implement that feature *on top of* Docker.
 <table class="tg">
  <col width="45%">
  <col width="65%">
-  <tr>
-    <td>Forums</td>
-    <td>
-      A public forum for users to discuss questions and explore current design patterns and
-      best practices about Docker and related projects in the Docker Ecosystem. To participate,
-      just log in with your Docker Hub account on <a href="https://forums.docker.com" target="_blank">https://forums.docker.com</a>.
-    </td>
-  </tr>
  <tr>
    <td>Internet&nbsp;Relay&nbsp;Chat&nbsp;(IRC)</td>
    <td>
@@ -110,20 +142,20 @@ However, there might be a way to implement that feature *on top of* Docker.
        IRC is a rich chat protocol but it can overwhelm new users. You can search
        <a href="https://botbot.me/freenode/docker/#" target="_blank">our chat archives</a>.
      </p>
-      <p>
-        Read our <a href="https://docs.docker.com/opensource/get-help/#irc-quickstart" target="_blank">IRC quickstart guide</a>
-        for an easy way to get started.
-      </p>
+      Read our <a href="https://docs.docker.com/opensource/get-help/#irc-quickstart" target="_blank">IRC quickstart guide</a> for an easy way to get started.
    </td>
  </tr>
  <tr>
-    <td>Google Group</td>
+    <td>Google Groups</td>
    <td>
+      There are two groups.
+      <a href="https://groups.google.com/forum/#!forum/docker-user" target="_blank">Docker-user</a>
+      is for people using Docker containers.
      The <a href="https://groups.google.com/forum/#!forum/docker-dev" target="_blank">docker-dev</a>
      group is for contributors and other people contributing to the Docker project.
      You can join them without a google account by sending an email to 
      <a href="mailto:docker-dev+subscribe@googlegroups.com">docker-dev+subscribe@googlegroups.com</a>.
-      After receiving the join-request message, you can simply reply to that to confirm the subscription.
+      After receiving the join-request message, you can simply reply to that to confirm the subscribtion.
    </td>
  </tr>
  <tr>
@@ -234,9 +266,8 @@ Developer Certificate of Origin
 Version 1.1

 Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
-1 Letterman Drive
-Suite D4700
-San Francisco, CA, 94129
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA

 Everyone is permitted to copy and distribute verbatim copies of this
 license document, but changing it is not allowed.
@@ -277,6 +308,10 @@ Use your real name (sorry, no pseudonyms or anonymous contributions.)
 If you set your `user.name` and `user.email` git configs, you can sign your
 commit automatically with `git commit -s`.

+Note that the old-style `Docker-DCO-1.1-Signed-off-by: ...` format is still
+accepted, so there is no need to update outstanding pull requests to the new
+format right away, but please do adjust your processes for future contributions.
+
 ### How can I become a maintainer?

 The procedures for adding new maintainers are explained in the 
@@ -379,7 +414,7 @@ The rules:
 5. Document _all_ declarations and methods, even private ones. Declare
   expectations, caveats and anything else that may be important. If a type
   gets exported, having the comments already there will ensure it's ready.
-6. Variable name length should be proportional to its context and no longer.
+6. Variable name length should be proportional to it's context and no longer.
   `noCommaALongVariableNameLikeThisIsNotMoreClearWhenASimpleCommentWouldDo`.
   In practice, short methods will have short variable names and globals will
   have longer names.
@@ -387,7 +422,7 @@ The rules:
   and re-examine why you need a compound name. If you still think you need a
   compound name, lose the underscore.
 8. No utils or helpers packages. If a function is not general enough to
-   warrant its own package, it has not been written generally enough to be a
+   warrant it's own package, it has not been written generally enough to be a
   part of a util package. Just leave it unexported and well-documented.
 9. All tests should run with `go test` and outside tooling should not be
   required. No, we don't need another unit testing framework. Assertion
@@ -396,6 +431,6 @@ The rules:
    guidelines. Since you've read all the rules, you now know that.

 If you are having trouble getting into the mood of idiomatic Go, we recommend
-reading through [Effective Go](https://golang.org/doc/effective_go.html). The
-[Go Blog](https://blog.golang.org) is also a great resource. Drinking the
+reading through [Effective Go](http://golang.org/doc/effective_go.html). The
+[Go Blog](http://blog.golang.org/) is also a great resource. Drinking the
 kool-aid is a lot easier than going thirsty.
--- a/146
+++ b/146
@@ -9,7 +9,7 @@
 # docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
 #
 # # Run the test suite:
-# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
+# docker run --privileged docker hack/make.sh test
 #
 # # Publish a release:
 # docker run --privileged \
@@ -25,15 +25,20 @@

 FROM debian:jessie

-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
-# Add zfs ppa
+# add zfs ppa
 RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61 \
 	|| apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys E871F18B51E0147C77796AC81196BA81F6B0FC61
 RUN echo deb http://ppa.launchpad.net/zfs-native/stable/ubuntu trusty main > /etc/apt/sources.list.d/zfs.list

+# add llvm repo
+RUN apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421 \
+	|| apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 6084F3CF814B57C1CF12EFD515CF4D18AF4F7421
+RUN echo deb http://llvm.org/apt/jessie/ llvm-toolchain-jessie-3.8 main > /etc/apt/sources.list.d/llvm.list
+
+# allow replacing httpredir mirror
+ARG APT_MIRROR=httpredir.debian.org
+RUN sed -i s/httpredir.debian.org/$APT_MIRROR/g /etc/apt/sources.list
+
 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
 	apparmor \
@@ -41,12 +46,10 @@ RUN apt-get update && apt-get install -y \
 	aufs-tools \
 	automake \
 	bash-completion \
-	binutils-mingw-w64 \
 	bsdmainutils \
 	btrfs-tools \
 	build-essential \
-	clang \
-	cmake \
+	clang-3.8 \
 	createrepo \
 	curl \
 	dpkg-sig \
@@ -57,35 +60,32 @@ RUN apt-get update && apt-get install -y \
 	libapparmor-dev \
 	libcap-dev \
 	libltdl-dev \
-	libnl-3-dev \
-	libprotobuf-c0-dev \
-	libprotobuf-dev \
 	libsqlite3-dev \
 	libsystemd-journal-dev \
 	libtool \
 	mercurial \
 	net-tools \
 	pkg-config \
-	protobuf-compiler \
-	protobuf-c-compiler \
 	python-dev \
 	python-mock \
 	python-pip \
 	python-websocket \
 	ubuntu-zfs \
 	xfsprogs \
-	vim-common \
 	libzfs-dev \
 	tar \
 	zip \
 	--no-install-recommends \
-	&& pip install awscli==1.10.15
+	&& pip install awscli==1.10.15 \
+	&& ln -snf /usr/bin/clang-3.8 /usr/local/bin/clang \
+	&& ln -snf /usr/bin/clang++-3.8 /usr/local/bin/clang++
+
 # Get lvm2 source for compiling statically
 ENV LVM2_VERSION 2.02.103
 RUN mkdir -p /usr/local/lvm2 \
 	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
 		| tar -xzC /usr/local/lvm2 --strip-components=1
-# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
+# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags

 # Compile and install lvm2
 RUN cd /usr/local/lvm2 \
@@ -94,11 +94,11 @@ RUN cd /usr/local/lvm2 \
 		--enable-static_link \
 	&& make device-mapper \
 	&& make install_device-mapper
-# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
+# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL

 # Configure the container for OSX cross compilation
 ENV OSX_SDK MacOSX10.11.sdk
-ENV OSX_CROSS_COMMIT a9317c18a3a457ca0a657f08cc4d0d43c6cf8953
+ENV OSX_CROSS_COMMIT 8aa9b71a394905e6c5f4b59e2b97b87a004658a4
 RUN set -x \
 	&& export OSXCROSS_PATH="/osxcross" \
 	&& git clone https://github.com/tpoechtrager/osxcross.git $OSXCROSS_PATH \
@@ -107,8 +107,8 @@ RUN set -x \
 	&& UNATTENDED=yes OSX_VERSION_MIN=10.6 ${OSXCROSS_PATH}/build.sh
 ENV PATH /osxcross/target/bin:$PATH

-# Install seccomp: the version shipped in trusty is too old
-ENV SECCOMP_VERSION 2.3.1
+# install seccomp: the version shipped in trusty is too old
+ENV SECCOMP_VERSION 2.3.0
 RUN set -x \
 	&& export SECCOMP_PATH="$(mktemp -d)" \
 	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
@@ -126,40 +126,37 @@ RUN set -x \
 # IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
 #            will need updating, to avoid errors. Ping #docker-maintainers on IRC
 #            with a heads-up.
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
+ENV GO_VERSION 1.5.4
+RUN curl -fsSL "https://storage.googleapis.com/golang/go${GO_VERSION}.linux-amd64.tar.gz" \
 	| tar -xzC /usr/local
-
 ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
+ENV GOPATH /go:/go/src/github.com/docker/docker/vendor

 # Compile Go for cross compilation
 ENV DOCKER_CROSSPLATFORMS \
 	linux/386 linux/arm \
 	darwin/amd64 \
 	freebsd/amd64 freebsd/386 freebsd/arm \
-	windows/amd64 windows/386 \
-	solaris/amd64
+	windows/amd64 windows/386
+
+# This has been commented out and kept as reference because we don't support compiling with older Go anymore.
+# ENV GOFMT_VERSION 1.3.3
+# RUN curl -sSL https://storage.googleapis.com/golang/go${GOFMT_VERSION}.$(go env GOOS)-$(go env GOARCH).tar.gz | tar -C /go/bin -xz --strip-components=2 go/bin/gofmt

-# Dependency for golint
 ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
+# Grab Go's cover tool for dead-simple code coverage testing
+# Grab Go's vet tool for examining go code to find suspicious constructs
+# and help prevent errors that the compiler might not catch
 RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
-	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
-
+	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT) \
+	&& go install -v golang.org/x/tools/cmd/cover \
+	&& go install -v golang.org/x/tools/cmd/vet
 # Grab Go's lint tool
 ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
 RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
 	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
 	&& go install -v github.com/golang/lint/golint

-# Install CRIU for checkpoint/restore support
-ENV CRIU_VERSION 2.2
-RUN mkdir -p /usr/src/criu \
-	&& curl -sSL https://github.com/xemul/criu/archive/v${CRIU_VERSION}.tar.gz | tar -v -C /usr/src/criu/ -xz --strip-components=1 \
-	&& cd /usr/src/criu \
-	&& make \
-	&& make install-criu
-
 # Install two versions of the registry. The first is an older version that
 # only supports schema1 manifests. The second is a newer version that supports
 # both. This allows integration-cli tests to cover push/pull with both schema1
@@ -177,9 +174,10 @@ RUN set -x \
 		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
 	&& rm -rf "$GOPATH"

-# Install notary and notary-server
-ENV NOTARY_VERSION v0.4.2
+# Install notary server
+ENV NOTARY_VERSION docker-v1.11-3
 RUN set -x \
+	&& export GO15VENDOREXPERIMENT=1 \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
 	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
@@ -190,21 +188,12 @@ RUN set -x \
 	&& rm -rf "$GOPATH"

 # Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
+ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
 RUN git clone https://github.com/docker/docker-py.git /docker-py \
 	&& cd /docker-py \
 	&& git checkout -q $DOCKER_PY_COMMIT \
 	&& pip install -r test-requirements.txt

-# Install yamllint for validating swagger.yaml
-RUN pip install yamllint==1.5.0
-
-# Install go-swagger for validating swagger.yaml
-ENV GO_SWAGGER_COMMIT c28258affb0b6251755d92489ef685af8d4ff3eb
-RUN git clone https://github.com/go-swagger/go-swagger.git /go/src/github.com/go-swagger/go-swagger \
-	&& (cd /go/src/github.com/go-swagger/go-swagger && git checkout -q $GO_SWAGGER_COMMIT) \
-	&& go install -v github.com/go-swagger/go-swagger/cmd/swagger
-
 # Set user.email so crosbymichael's in-container merge commits go smoothly
 RUN git config --global user.email 'docker-dummy@example.com'

@@ -218,8 +207,6 @@ ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux

 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
-# Add integration helps to bashrc
-RUN echo "source $PWD/hack/make/.integration-test-helpers" >> /etc/bash.bashrc

 # Register Docker's bash completion.
 RUN ln -sv $PWD/contrib/completion/bash/docker /etc/bash_completion.d/docker
@@ -231,13 +218,56 @@ RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
 	busybox:latest@sha256:e4f93f6ed15a0cdd342f5aae387886fba0ab98af0a102da6276eaf24d6e6ade0 \
 	debian:jessie@sha256:f968f10b4b523737e253a97eac59b0d1420b5c19b69928d35801a6373ffe330e \
 	hello-world:latest@sha256:8be990ef2aeb16dbcb9271ddfe2610fa6658d13f6dfb8bc72074cc1ca36966a7
-# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
+# see also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)

-# Install tomlv, vndr, runc, containerd, tini, docker-proxy
-# Please edit hack/dockerfile/install-binaries.sh to update them.
-COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
-COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy bindata
+# Download man page generator
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone --depth 1 -b v1.0.4 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
+	&& git clone --depth 1 -b v1.4 https://github.com/russross/blackfriday.git "$GOPATH/src/github.com/russross/blackfriday" \
+	&& go get -v -d github.com/cpuguy83/go-md2man \
+	&& go build -v -o /usr/local/bin/go-md2man github.com/cpuguy83/go-md2man \
+	&& rm -rf "$GOPATH"
+
+# Download toml validator
+ENV TOMLV_COMMIT 9baf8a8a9f2ed20a8e54160840c492f937eeaf9a
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/BurntSushi/toml.git "$GOPATH/src/github.com/BurntSushi/toml" \
+	&& (cd "$GOPATH/src/github.com/BurntSushi/toml" && git checkout -q "$TOMLV_COMMIT") \
+	&& go build -v -o /usr/local/bin/tomlv github.com/BurntSushi/toml/cmd/tomlv \
+	&& rm -rf "$GOPATH"
+
+# Build/install the tool for embedding resources in Windows binaries
+ENV RSRC_COMMIT ba14da1f827188454a4591717fff29999010887f
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/akavel/rsrc.git "$GOPATH/src/github.com/akavel/rsrc" \
+	&& (cd "$GOPATH/src/github.com/akavel/rsrc" && git checkout -q "$RSRC_COMMIT") \
+	&& go build -v -o /usr/local/bin/rsrc github.com/akavel/rsrc \
+	&& rm -rf "$GOPATH"
+
+# Install runc
+ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git checkout -q "$RUNC_COMMIT" \
+	&& make static BUILDTAGS="seccomp apparmor selinux" \
+	&& cp runc /usr/local/bin/docker-runc
+
+# Install containerd
+ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& cd "$GOPATH/src/github.com/docker/containerd" \
+	&& git checkout -q "$CONTAINERD_COMMIT" \
+	&& make static \
+	&& cp bin/containerd /usr/local/bin/docker-containerd \
+	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr

 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -9,7 +9,7 @@
 # docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
 #
 # # Run the test suite:
-# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
+# docker run --privileged docker hack/make.sh test
 #
 # Note: AppArmor used to mess with privileged mode, but this is no longer
 # the case. Therefore, you don't have to disable it anymore.
@@ -25,7 +25,6 @@ RUN apt-get update && apt-get install -y \
 	bash-completion \
 	btrfs-tools \
 	build-essential \
-	cmake \
 	createrepo \
 	curl \
 	dpkg-sig \
@@ -37,7 +36,6 @@ RUN apt-get update && apt-get install -y \
 	libapparmor-dev \
 	libc6-dev \
 	libcap-dev \
-	libltdl-dev \
 	libsqlite3-dev \
 	libsystemd-dev \
 	mercurial \
@@ -49,19 +47,21 @@ RUN apt-get update && apt-get install -y \
 	python-pip \
 	python-websocket \
 	gccgo \
-	iproute2 \
-	iputils-ping \
-	vim-common \
 	--no-install-recommends

+# Install armhf loader to use armv6 binaries on armv8
+RUN dpkg --add-architecture armhf \
+	&& apt-get update \
+	&& apt-get install -y libc6:armhf
+
 # Get lvm2 source for compiling statically
 ENV LVM2_VERSION 2.02.103
 RUN mkdir -p /usr/local/lvm2 \
 	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
 		| tar -xzC /usr/local/lvm2 --strip-components=1
-# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
+# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags

-# Fix platform enablement in lvm2 to support aarch64 properly
+# fix platform enablement in lvm2 to support aarch64 properly
 RUN set -e \
 	&& for f in config.guess config.sub; do \
 		curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
@@ -75,10 +75,10 @@ RUN cd /usr/local/lvm2 \
 		--enable-static_link \
 	&& make device-mapper \
 	&& make install_device-mapper
-# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
+# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL

-# Install seccomp: the version shipped in trusty is too old
-ENV SECCOMP_VERSION 2.3.1
+# install seccomp: the version shipped in trusty is too old
+ENV SECCOMP_VERSION 2.3.0
 RUN set -x \
 	&& export SECCOMP_PATH="$(mktemp -d)" \
 	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
@@ -94,16 +94,15 @@ RUN set -x \

 # Install Go
 # We don't have official binary tarballs for ARM64, eigher for Go or bootstrap,
-# so we use gccgo as bootstrap to build Go from source code.
-# We don't use the official ARMv6 released binaries as a GOROOT_BOOTSTRAP, because
-# not all ARM64 platforms support 32-bit mode. 32-bit mode is optional for ARMv8.
-ENV GO_VERSION 1.7.5
-RUN mkdir /usr/src/go && curl -fsSL https://golang.org/dl/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
+# so we use the official armv6 released binaries as a GOROOT_BOOTSTRAP, and
+# build Go from source code.
+ENV GO_VERSION 1.5.4
+RUN mkdir /usr/src/go && curl -fsSL https://storage.googleapis.com/golang/go${GO_VERSION}.src.tar.gz | tar -v -C /usr/src/go -xz --strip-components=1 \
 	&& cd /usr/src/go/src \
 	&& GOOS=linux GOARCH=arm64 GOROOT_BOOTSTRAP="$(go env GOROOT)" ./make.bash

 ENV PATH /usr/src/go/bin:$PATH
-ENV GOPATH /go
+ENV GOPATH /go:/go/src/github.com/docker/docker/vendor

 # Only install one version of the registry, because old version which support
 # schema1 manifests is not working on ARM64, we should skip integration-cli
@@ -117,9 +116,10 @@ RUN set -x \
 		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
 	&& rm -rf "$GOPATH"

-# Install notary and notary-server
-ENV NOTARY_VERSION v0.4.2
+# Install notary server
+ENV NOTARY_VERSION docker-v1.11-3
 RUN set -x \
+	&& export GO15VENDOREXPERIMENT=1 \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
 	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
@@ -130,7 +130,7 @@ RUN set -x \
 	&& rm -rf "$GOPATH"

 # Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
+ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
 RUN git clone https://github.com/docker/docker-py.git /docker-py \
 	&& cd /docker-py \
 	&& git checkout -q $DOCKER_PY_COMMIT \
@@ -160,13 +160,47 @@ RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
 	aarch64/busybox:latest@sha256:b23a6a37cf269dff6e46d2473b6e227afa42b037e6d23435f1d2bc40fc8c2828 \
 	aarch64/debian:jessie@sha256:4be74a41a7c70ebe887b634b11ffe516cf4fcd56864a54941e56bb49883c3170 \
 	aarch64/hello-world:latest@sha256:65a4a158587b307bb02db4de41b836addb0c35175bdc801367b1ac1ddeb9afda
-# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
+# see also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)

-# Install tomlv, vndr, runc, containerd, tini, docker-proxy
-# Please edit hack/dockerfile/install-binaries.sh to update them.
-COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
-COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
+# Download man page generator
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone --depth 1 -b v1.0.4 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
+	&& git clone --depth 1 -b v1.4 https://github.com/russross/blackfriday.git "$GOPATH/src/github.com/russross/blackfriday" \
+	&& go get -v -d github.com/cpuguy83/go-md2man \
+	&& go build -v -o /usr/local/bin/go-md2man github.com/cpuguy83/go-md2man \
+	&& rm -rf "$GOPATH"
+
+# Download toml validator
+ENV TOMLV_COMMIT 9baf8a8a9f2ed20a8e54160840c492f937eeaf9a
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/BurntSushi/toml.git "$GOPATH/src/github.com/BurntSushi/toml" \
+	&& (cd "$GOPATH/src/github.com/BurntSushi/toml" && git checkout -q "$TOMLV_COMMIT") \
+	&& go build -v -o /usr/local/bin/tomlv github.com/BurntSushi/toml/cmd/tomlv \
+	&& rm -rf "$GOPATH"
+
+# Install runc
+ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git checkout -q "$RUNC_COMMIT" \
+	&& make static BUILDTAGS="seccomp apparmor selinux" \
+	&& cp runc /usr/local/bin/docker-runc
+
+# Install containerd
+ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& cd "$GOPATH/src/github.com/docker/containerd" \
+	&& git checkout -q "$CONTAINERD_COMMIT" \
+	&& make static \
+	&& cp bin/containerd /usr/local/bin/docker-containerd \
+	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr

 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
--- a/Dockerfile.armhf
+++ b/Dockerfile.armhf
@@ -9,7 +9,7 @@
 # docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
 #
 # # Run the test suite:
-# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
+# docker run --privileged docker hack/make.sh test
 #
 # Note: AppArmor used to mess with privileged mode, but this is no longer
 # the case. Therefore, you don't have to disable it anymore.
@@ -17,10 +17,6 @@

 FROM armhf/debian:jessie

-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
 	apparmor \
@@ -31,7 +27,6 @@ RUN apt-get update && apt-get install -y \
 	build-essential \
 	createrepo \
 	curl \
-	cmake \
 	dpkg-sig \
 	git \
 	iptables \
@@ -51,16 +46,14 @@ RUN apt-get update && apt-get install -y \
 	python-websocket \
 	xfsprogs \
 	tar \
-	vim-common \
-	--no-install-recommends \
-	&& pip install awscli==1.10.15
+	--no-install-recommends

 # Get lvm2 source for compiling statically
 ENV LVM2_VERSION 2.02.103
 RUN mkdir -p /usr/local/lvm2 \
 	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
 		| tar -xzC /usr/local/lvm2 --strip-components=1
-# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
+# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags

 # Compile and install lvm2
 RUN cd /usr/local/lvm2 \
@@ -69,32 +62,41 @@ RUN cd /usr/local/lvm2 \
 		--enable-static_link \
 	&& make device-mapper \
 	&& make install_device-mapper
-# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
+# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL

 # Install Go
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-armv6l.tar.gz" \
+# TODO Update to 1.5.4 once available, or build from source, as these builds
+# are marked "end of life", see http://dave.cheney.net/unofficial-arm-tarballs
+ENV GO_VERSION 1.5.3
+RUN curl -fsSL "http://dave.cheney.net/paste/go${GO_VERSION}.linux-arm.tar.gz" \
 	| tar -xzC /usr/local
 ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
+ENV GOPATH /go:/go/src/github.com/docker/docker/vendor

-# We're building for armhf, which is ARMv7, so let's be explicit about that
+# we're building for armhf, which is ARMv7, so let's be explicit about that
 ENV GOARCH arm
 ENV GOARM 7

-# Dependency for golint
-ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
-RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
-	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
+# This has been commented out and kept as reference because we don't support compiling with older Go anymore.
+# ENV GOFMT_VERSION 1.3.3
+# RUN curl -sSL https://storage.googleapis.com/golang/go${GOFMT_VERSION}.$(go env GOOS)-$(go env GOARCH).tar.gz | tar -C /go/bin -xz --strip-components=2 go/bin/gofmt

+ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
+# Grab Go's cover tool for dead-simple code coverage testing
+# Grab Go's vet tool for examining go code to find suspicious constructs
+# and help prevent errors that the compiler might not catch
+RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
+	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT) \
+	&& go install -v golang.org/x/tools/cmd/cover \
+	&& go install -v golang.org/x/tools/cmd/vet
 # Grab Go's lint tool
 ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
 RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
 	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
 	&& go install -v github.com/golang/lint/golint

-# Install seccomp: the version shipped in trusty is too old
-ENV SECCOMP_VERSION 2.3.1
+# install seccomp: the version shipped in trusty is too old
+ENV SECCOMP_VERSION 2.3.0
 RUN set -x \
 	&& export SECCOMP_PATH="$(mktemp -d)" \
 	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
@@ -125,9 +127,10 @@ RUN set -x \
 		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
 	&& rm -rf "$GOPATH"

-# Install notary and notary-server
-ENV NOTARY_VERSION v0.4.2
+# Install notary server
+ENV NOTARY_VERSION docker-v1.11-3
 RUN set -x \
+	&& export GO15VENDOREXPERIMENT=1 \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
 	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
@@ -138,7 +141,7 @@ RUN set -x \
 	&& rm -rf "$GOPATH"

 # Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
+ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
 RUN git clone https://github.com/docker/docker-py.git /docker-py \
 	&& cd /docker-py \
 	&& git checkout -q $DOCKER_PY_COMMIT \
@@ -168,13 +171,55 @@ RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
 	armhf/busybox:latest@sha256:d98a7343ac750ffe387e3d514f8521ba69846c216778919b01414b8617cfb3d4 \
 	armhf/debian:jessie@sha256:4a2187483f04a84f9830910fe3581d69b3c985cc045d9f01d8e2f3795b28107b \
 	armhf/hello-world:latest@sha256:161dcecea0225975b2ad5f768058212c1e0d39e8211098666ffa1ac74cfb7791
-# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
+# see also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)

-# Install tomlv, vndr, runc, containerd, tini, docker-proxy
-# Please edit hack/dockerfile/install-binaries.sh to update them.
-COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
-COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
+# Download man page generator
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone --depth 1 -b v1.0.4 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
+	&& git clone --depth 1 -b v1.4 https://github.com/russross/blackfriday.git "$GOPATH/src/github.com/russross/blackfriday" \
+	&& go get -v -d github.com/cpuguy83/go-md2man \
+	&& go build -v -o /usr/local/bin/go-md2man github.com/cpuguy83/go-md2man \
+	&& rm -rf "$GOPATH"
+
+# Download toml validator
+ENV TOMLV_COMMIT 9baf8a8a9f2ed20a8e54160840c492f937eeaf9a
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/BurntSushi/toml.git "$GOPATH/src/github.com/BurntSushi/toml" \
+	&& (cd "$GOPATH/src/github.com/BurntSushi/toml" && git checkout -q "$TOMLV_COMMIT") \
+	&& go build -v -o /usr/local/bin/tomlv github.com/BurntSushi/toml/cmd/tomlv \
+	&& rm -rf "$GOPATH"
+
+# Build/install the tool for embedding resources in Windows binaries
+ENV RSRC_VERSION v2
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone --depth 1 -b "$RSRC_VERSION" https://github.com/akavel/rsrc.git "$GOPATH/src/github.com/akavel/rsrc" \
+	&& go build -v -o /usr/local/bin/rsrc github.com/akavel/rsrc \
+	&& rm -rf "$GOPATH"
+
+# Install runc
+ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git checkout -q "$RUNC_COMMIT" \
+	&& make static BUILDTAGS="seccomp apparmor selinux" \
+	&& cp runc /usr/local/bin/docker-runc
+
+# Install containerd
+ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& cd "$GOPATH/src/github.com/docker/containerd" \
+	&& git checkout -q "$CONTAINERD_COMMIT" \
+	&& make static \
+	&& cp bin/containerd /usr/local/bin/docker-containerd \
+	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr

 ENTRYPOINT ["hack/dind"]

--- a/Dockerfile.gccgo
+++ b/Dockerfile.gccgo
@@ -0,0 +1,102 @@
+# This file describes the standard way to build Docker, using docker
+#
+# Usage:
+#
+# # Assemble the full dev environment. This is slow the first time.
+# docker build -t docker -f Dockerfile.gccgo .
+#
+
+FROM gcc:5.3
+
+# Packaged dependencies
+RUN apt-get update && apt-get install -y \
+	apparmor \
+	aufs-tools \
+	btrfs-tools \
+	build-essential \
+	curl \
+	git \
+	iptables \
+	jq \
+	net-tools \
+	libapparmor-dev \
+	libcap-dev \
+	libsqlite3-dev \
+	mercurial \
+	net-tools \
+	parallel \
+	python-dev \
+	python-mock \
+	python-pip \
+	python-websocket \
+	--no-install-recommends
+
+# Get lvm2 source for compiling statically
+RUN git clone -b v2_02_103 https://git.fedorahosted.org/git/lvm2.git /usr/local/lvm2
+# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
+
+# Compile and install lvm2
+RUN cd /usr/local/lvm2 \
+	&& ./configure --enable-static_link \
+	&& make device-mapper \
+	&& make install_device-mapper
+# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
+
+# install seccomp: the version shipped in jessie is too old
+ENV SECCOMP_VERSION v2.3.0
+RUN set -x \
+    && export SECCOMP_PATH=$(mktemp -d) \
+    && git clone https://github.com/seccomp/libseccomp.git "$SECCOMP_PATH" \
+    && ( \
+        cd "$SECCOMP_PATH" \
+        && git checkout "$SECCOMP_VERSION" \
+        && ./autogen.sh \
+        && ./configure --prefix=/usr \
+        && make \
+        && make install \
+    ) \
+    && rm -rf "$SECCOMP_PATH"
+
+ENV GOPATH /go:/go/src/github.com/docker/docker/vendor
+
+# Get the "docker-py" source so we can run their integration tests
+ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
+RUN git clone https://github.com/docker/docker-py.git /docker-py \
+	&& cd /docker-py \
+	&& git checkout -q $DOCKER_PY_COMMIT
+
+# Add an unprivileged user to be used for tests which need it
+RUN groupadd -r docker
+RUN useradd --create-home --gid docker unprivilegeduser
+
+VOLUME /var/lib/docker
+WORKDIR /go/src/github.com/docker/docker
+ENV DOCKER_BUILDTAGS apparmor seccomp selinux
+
+# Install runc
+ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git checkout -q "$RUNC_COMMIT" \
+	&& make static BUILDTAGS="seccomp apparmor selinux" \
+	&& cp runc /usr/local/bin/docker-runc
+
+# Install containerd
+ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& cd "$GOPATH/src/github.com/docker/containerd" \
+	&& git checkout -q "$CONTAINERD_COMMIT" \
+	&& make static \
+	&& cp bin/containerd /usr/local/bin/docker-containerd \
+	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr
+
+# Wrap all commands in the "docker-in-docker" script to allow nested containers
+ENTRYPOINT ["hack/dind"]
+
+# Upload docker source
+COPY . /go/src/github.com/docker/docker
--- a/Dockerfile.ppc64le
+++ b/Dockerfile.ppc64le
@@ -9,17 +9,13 @@
 # docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
 #
 # # Run the test suite:
-# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
+# docker run --privileged docker hack/make.sh test
 #
 # Note: AppArmor used to mess with privileged mode, but this is no longer
 # the case. Therefore, you don't have to disable it anymore.
 #

-FROM ppc64le/debian:jessie
-
-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
+FROM ppc64le/gcc:5.3

 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
@@ -29,7 +25,6 @@ RUN apt-get update && apt-get install -y \
 	bash-completion \
 	btrfs-tools \
 	build-essential \
-	cmake \
 	createrepo \
 	curl \
 	dpkg-sig \
@@ -51,7 +46,6 @@ RUN apt-get update && apt-get install -y \
 	python-websocket \
 	xfsprogs \
 	tar \
-	vim-common \
 	--no-install-recommends

 # Get lvm2 source for compiling statically
@@ -59,9 +53,9 @@ ENV LVM2_VERSION 2.02.103
 RUN mkdir -p /usr/local/lvm2 \
 	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
 		| tar -xzC /usr/local/lvm2 --strip-components=1
-# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
+# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags

-# Fix platform enablement in lvm2 to support ppc64le properly
+# fix platform enablement in lvm2 to support ppc64le properly
 RUN set -e \
 	&& for f in config.guess config.sub; do \
 		curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
@@ -75,38 +69,40 @@ RUN cd /usr/local/lvm2 \
 		--enable-static_link \
 	&& make device-mapper \
 	&& make install_device-mapper
-# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
+# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL

-# Install seccomp: the version shipped in jessie is too old
-ENV SECCOMP_VERSION 2.3.1
-RUN set -x \
-        && export SECCOMP_PATH="$(mktemp -d)" \
-        && curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
-                | tar -xzC "$SECCOMP_PATH" --strip-components=1 \
-        && ( \
-                cd "$SECCOMP_PATH" \
-                && ./configure --prefix=/usr/local \
-                && make \
-                && make install \
-                && ldconfig \
-        ) \
-        && rm -rf "$SECCOMP_PATH"
+# TODO install Go, using gccgo as GOROOT_BOOTSTRAP (Go 1.5+ supports ppc64le properly)
+# possibly a ppc64le/golang image?

+## BUILD GOLANG
+ENV GO_VERSION 1.5.4
+ENV GO_DOWNLOAD_URL https://golang.org/dl/go${GO_VERSION}.src.tar.gz
+ENV GO_DOWNLOAD_SHA256 002acabce7ddc140d0d55891f9d4fcfbdd806b9332fb8b110c91bc91afb0bc93
+ENV GOROOT_BOOTSTRAP /usr/local

-# Install Go
-# NOTE: official ppc64le go binaries weren't available until go 1.6.4 and 1.7.4
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" \
-	| tar -xzC /usr/local
+RUN curl -fsSL "$GO_DOWNLOAD_URL" -o golang.tar.gz \
+    && echo "$GO_DOWNLOAD_SHA256  golang.tar.gz" | sha256sum -c - \
+    && tar -C /usr/src -xzf golang.tar.gz \
+    && rm golang.tar.gz \
+    && cd /usr/src/go/src && ./make.bash 2>&1

-ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
+ENV GOROOT_BOOTSTRAP /usr/src/
+
+ENV PATH /usr/src/go/bin/:/go/bin:$PATH
+ENV GOPATH /go:/go/src/github.com/docker/docker/vendor
+
+# This has been commented out and kept as reference because we don't support compiling with older Go anymore.
+# ENV GOFMT_VERSION 1.3.3
+# RUN curl -sSL https://storage.googleapis.com/golang/go${GOFMT_VERSION}.$(go env GOOS)-$(go env GOARCH).tar.gz | tar -C /go/bin -xz --strip-components=2 go/bin/gofmt

-# Dependency for golint
 ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
+# Grab Go's cover tool for dead-simple code coverage testing
+# Grab Go's vet tool for examining go code to find suspicious constructs
+# and help prevent errors that the compiler might not catch
 RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
-	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
-
+	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT) \
+	&& go install -v golang.org/x/tools/cmd/cover \
+	&& go install -v golang.org/x/tools/cmd/vet
 # Grab Go's lint tool
 ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
 RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
@@ -131,19 +127,20 @@ RUN set -x \
 	&& rm -rf "$GOPATH"

 # Install notary and notary-server
-ENV NOTARY_VERSION v0.4.2
+ENV NOTARY_VERSION docker-v1.11-3
 RUN set -x \
+	&& export GO15VENDOREXPERIMENT=1 \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
 	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
 		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/Godeps/_workspace:$GOPATH" \
+	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
 		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
 	&& rm -rf "$GOPATH"

 # Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
+ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
 RUN git clone https://github.com/docker/docker-py.git /docker-py \
 	&& cd /docker-py \
 	&& git checkout -q $DOCKER_PY_COMMIT \
@@ -158,7 +155,7 @@ RUN useradd --create-home --gid docker unprivilegeduser

 VOLUME /var/lib/docker
 WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor pkcs11 seccomp selinux
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux

 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
@@ -173,13 +170,55 @@ RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
 	ppc64le/busybox:latest@sha256:38bb82085248d5a3c24bd7a5dc146f2f2c191e189da0441f1c2ca560e3fc6f1b \
 	ppc64le/debian:jessie@sha256:412845f51b6ab662afba71bc7a716e20fdb9b84f185d180d4c7504f8a75c4f91 \
 	ppc64le/hello-world:latest@sha256:186a40a9a02ca26df0b6c8acdfb8ac2f3ae6678996a838f977e57fac9d963974
-# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
+# see also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)

-# Install tomlv, vndr, runc, containerd, tini, docker-proxy
-# Please edit hack/dockerfile/install-binaries.sh to update them.
-COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
-COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
+# Download man page generator
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone --depth 1 -b v1.0.4 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
+	&& git clone --depth 1 -b v1.4 https://github.com/russross/blackfriday.git "$GOPATH/src/github.com/russross/blackfriday" \
+	&& go get -v -d github.com/cpuguy83/go-md2man \
+	&& go build -v -o /usr/local/bin/go-md2man github.com/cpuguy83/go-md2man \
+	&& rm -rf "$GOPATH"
+
+# Download toml validator
+ENV TOMLV_COMMIT 9baf8a8a9f2ed20a8e54160840c492f937eeaf9a
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/BurntSushi/toml.git "$GOPATH/src/github.com/BurntSushi/toml" \
+	&& (cd "$GOPATH/src/github.com/BurntSushi/toml" && git checkout -q "$TOMLV_COMMIT") \
+	&& go build -v -o /usr/local/bin/tomlv github.com/BurntSushi/toml/cmd/tomlv \
+	&& rm -rf "$GOPATH"
+
+# Build/install the tool for embedding resources in Windows binaries
+ENV RSRC_VERSION v2
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone --depth 1 -b "$RSRC_VERSION" https://github.com/akavel/rsrc.git "$GOPATH/src/github.com/akavel/rsrc" \
+	&& go build -v -o /usr/local/bin/rsrc github.com/akavel/rsrc \
+	&& rm -rf "$GOPATH"
+
+# Install runc
+ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git checkout -q "$RUNC_COMMIT" \
+	&& make static BUILDTAGS="apparmor selinux" \
+	&& cp runc /usr/local/bin/docker-runc
+
+# Install containerd
+ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& cd "$GOPATH/src/github.com/docker/containerd" \
+	&& git checkout -q "$CONTAINERD_COMMIT" \
+	&& make static \
+	&& cp bin/containerd /usr/local/bin/docker-containerd \
+	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr

 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
--- a/Dockerfile.s390x
+++ b/Dockerfile.s390x
@@ -9,13 +9,13 @@
 # docker run -v `pwd`:/go/src/github.com/docker/docker --privileged -i -t docker bash
 #
 # # Run the test suite:
-# docker run --privileged docker hack/make.sh test-unit test-integration-cli test-docker-py
+# docker run --privileged docker hack/make.sh test
 #
 # Note: AppArmor used to mess with privileged mode, but this is no longer
 # the case. Therefore, you don't have to disable it anymore.
 #

-FROM s390x/gcc:6.1
+FROM s390x/gcc:5.3

 # Packaged dependencies
 RUN apt-get update && apt-get install -y \
@@ -25,7 +25,6 @@ RUN apt-get update && apt-get install -y \
 	bash-completion \
 	btrfs-tools \
 	build-essential \
-	cmake \
 	createrepo \
 	curl \
 	dpkg-sig \
@@ -47,41 +46,16 @@ RUN apt-get update && apt-get install -y \
 	python-websocket \
 	xfsprogs \
 	tar \
-	vim-common \
 	--no-install-recommends

-# glibc in Debian has a bug specific to s390x that won't be fixed until Debian 8.6 is released
-# - https://github.com/docker/docker/issues/24748
-# - https://sourceware.org/git/?p=glibc.git;a=commit;h=890b7a4b33d482b5c768ab47d70758b80227e9bc
-# - https://sourceware.org/git/?p=glibc.git;a=commit;h=2e807f29595eb5b1e5d0decc6e356a3562ecc58e
-RUN echo 'deb http://httpredir.debian.org/debian jessie-proposed-updates main' >> /etc/apt/sources.list.d/pu.list \
-	&& apt-get update \
-	&& apt-get install -y libc6 \
-	&& rm -rf /var/lib/apt/lists/*
-
-# Install seccomp: the version shipped in jessie is too old
-ENV SECCOMP_VERSION 2.3.1
-RUN set -x \
-	&& export SECCOMP_PATH="$(mktemp -d)" \
-	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
-		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
-	&& ( \
-		cd "$SECCOMP_PATH" \
-		&& ./configure --prefix=/usr/local \
-		&& make \
-		&& make install \
-		&& ldconfig \
-	) \
-	&& rm -rf "$SECCOMP_PATH"
-
 # Get lvm2 source for compiling statically
 ENV LVM2_VERSION 2.02.103
 RUN mkdir -p /usr/local/lvm2 \
 	&& curl -fsSL "https://mirrors.kernel.org/sourceware/lvm2/LVM2.${LVM2_VERSION}.tgz" \
 		| tar -xzC /usr/local/lvm2 --strip-components=1
-# See https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags
+# see https://git.fedorahosted.org/cgit/lvm2.git/refs/tags for release tags

-# Fix platform enablement in lvm2 to support s390x properly
+# fix platform enablement in lvm2 to support s390x properly
 RUN set -e \
 	&& for f in config.guess config.sub; do \
 		curl -fsSL -o "/usr/local/lvm2/autoconf/$f" "http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=$f;hb=HEAD"; \
@@ -95,57 +69,57 @@ RUN cd /usr/local/lvm2 \
 		--enable-static_link \
 	&& make device-mapper \
 	&& make install_device-mapper
-# See https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL
+# see https://git.fedorahosted.org/cgit/lvm2.git/tree/INSTALL

-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-s390x.tar.gz" \
-	| tar -xzC /usr/local
+# Note: Go comes from the base image (gccgo, specifically)
+# We can't compile Go proper because s390x isn't an officially supported architecture yet.

-ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
+ENV PATH /go/bin:$PATH
+ENV GOPATH /go:/go/src/github.com/docker/docker/vendor

-# Dependency for golint
-ENV GO_TOOLS_COMMIT 823804e1ae08dbb14eb807afc7db9993bc9e3cc3
+# This has been commented out and kept as reference because we don't support compiling with older Go anymore.
+# ENV GOFMT_VERSION 1.3.3
+# RUN curl -sSL https://storage.googleapis.com/golang/go${GOFMT_VERSION}.$(go env GOOS)-$(go env GOARCH).tar.gz | tar -C /go/bin -xz --strip-components=2 go/bin/gofmt
+
+# TODO update this sha when we upgrade to Go 1.5+
+ENV GO_TOOLS_COMMIT 069d2f3bcb68257b627205f0486d6cc69a231ff9
+# Grab Go's cover tool for dead-simple code coverage testing
+# Grab Go's vet tool for examining go code to find suspicious constructs
+# and help prevent errors that the compiler might not catch
 RUN git clone https://github.com/golang/tools.git /go/src/golang.org/x/tools \
-	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT)
-
+	&& (cd /go/src/golang.org/x/tools && git checkout -q $GO_TOOLS_COMMIT) \
+	&& go install -v golang.org/x/tools/cmd/cover \
+	&& go install -v golang.org/x/tools/cmd/vet
 # Grab Go's lint tool
-ENV GO_LINT_COMMIT 32a87160691b3c96046c0c678fe57c5bef761456
+ENV GO_LINT_COMMIT f42f5c1c440621302702cb0741e9d2ca547ae80f
 RUN git clone https://github.com/golang/lint.git /go/src/github.com/golang/lint \
 	&& (cd /go/src/github.com/golang/lint && git checkout -q $GO_LINT_COMMIT) \
 	&& go install -v github.com/golang/lint/golint

-# Install two versions of the registry. The first is an older version that
-# only supports schema1 manifests. The second is a newer version that supports
-# both. This allows integration-cli tests to cover push/pull with both schema1
-# and schema2 manifests.
-ENV REGISTRY_COMMIT_SCHEMA1 ec87e9b6971d831f0eff752ddb54fb64693e51cd
-ENV REGISTRY_COMMIT 47a064d4195a9b56133891bbb13620c3ac83a827
+
+# Install registry
+ENV REGISTRY_COMMIT ec87e9b6971d831f0eff752ddb54fb64693e51cd
 RUN set -x \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/distribution.git "$GOPATH/src/github.com/docker/distribution" \
 	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT") \
 	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
 		go build -o /usr/local/bin/registry-v2 github.com/docker/distribution/cmd/registry \
-	&& (cd "$GOPATH/src/github.com/docker/distribution" && git checkout -q "$REGISTRY_COMMIT_SCHEMA1") \
-	&& GOPATH="$GOPATH/src/github.com/docker/distribution/Godeps/_workspace:$GOPATH" \
-		go build -o /usr/local/bin/registry-v2-schema1 github.com/docker/distribution/cmd/registry \
 	&& rm -rf "$GOPATH"

-# Install notary and notary-server
-ENV NOTARY_VERSION v0.4.2
+# Install notary server
+ENV NOTARY_VERSION docker-v1.11-3
 RUN set -x \
+	&& export GO15VENDOREXPERIMENT=1 \
 	&& export GOPATH="$(mktemp -d)" \
 	&& git clone https://github.com/docker/notary.git "$GOPATH/src/github.com/docker/notary" \
 	&& (cd "$GOPATH/src/github.com/docker/notary" && git checkout -q "$NOTARY_VERSION") \
 	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
 		go build -o /usr/local/bin/notary-server github.com/docker/notary/cmd/notary-server \
-	&& GOPATH="$GOPATH/src/github.com/docker/notary/vendor:$GOPATH" \
-		go build -o /usr/local/bin/notary github.com/docker/notary/cmd/notary \
 	&& rm -rf "$GOPATH"

 # Get the "docker-py" source so we can run their integration tests
-ENV DOCKER_PY_COMMIT e2655f658408f9ad1f62abdef3eb6ed43c0cf324
+ENV DOCKER_PY_COMMIT e2878cbcc3a7eef99917adc1be252800b0e41ece
 RUN git clone https://github.com/docker/docker-py.git /docker-py \
 	&& cd /docker-py \
 	&& git checkout -q $DOCKER_PY_COMMIT \
@@ -160,7 +134,7 @@ RUN useradd --create-home --gid docker unprivilegeduser

 VOLUME /var/lib/docker
 WORKDIR /go/src/github.com/docker/docker
-ENV DOCKER_BUILDTAGS apparmor selinux seccomp
+ENV DOCKER_BUILDTAGS apparmor pkcs11 selinux

 # Let us use a .bashrc file
 RUN ln -sfv $PWD/.bashrc ~/.bashrc
@@ -175,13 +149,55 @@ RUN ./contrib/download-frozen-image-v2.sh /docker-frozen-images \
 	s390x/busybox:latest@sha256:dd61522c983884a66ed72d60301925889028c6d2d5e0220a8fe1d9b4c6a4f01b \
 	s390x/debian:jessie@sha256:b74c863400909eff3c5e196cac9bfd1f6333ce47aae6a38398d87d5875da170a \
 	s390x/hello-world:latest@sha256:780d80b3a7677c3788c0d5cd9168281320c8d4a6d9183892d8ee5cdd610f5699
-# See also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)
+# see also "hack/make/.ensure-frozen-images" (which needs to be updated any time this list is)

-# Install tomlv, vndr, runc, containerd, tini, docker-proxy
-# Please edit hack/dockerfile/install-binaries.sh to update them.
-COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
-COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh tomlv vndr runc containerd tini proxy
+# Download man page generator
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone --depth 1 -b v1.0.4 https://github.com/cpuguy83/go-md2man.git "$GOPATH/src/github.com/cpuguy83/go-md2man" \
+	&& git clone --depth 1 -b v1.4 https://github.com/russross/blackfriday.git "$GOPATH/src/github.com/russross/blackfriday" \
+	&& go get -v -d github.com/cpuguy83/go-md2man \
+	&& go build -v -o /usr/local/bin/go-md2man github.com/cpuguy83/go-md2man \
+	&& rm -rf "$GOPATH"
+
+# Download toml validator
+ENV TOMLV_COMMIT 9baf8a8a9f2ed20a8e54160840c492f937eeaf9a
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone https://github.com/BurntSushi/toml.git "$GOPATH/src/github.com/BurntSushi/toml" \
+	&& (cd "$GOPATH/src/github.com/BurntSushi/toml" && git checkout -q "$TOMLV_COMMIT") \
+	&& go build -v -o /usr/local/bin/tomlv github.com/BurntSushi/toml/cmd/tomlv \
+	&& rm -rf "$GOPATH"
+
+# Build/install the tool for embedding resources in Windows binaries
+ENV RSRC_VERSION v2
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone --depth 1 -b "$RSRC_VERSION" https://github.com/akavel/rsrc.git "$GOPATH/src/github.com/akavel/rsrc" \
+	&& go build -v -o /usr/local/bin/rsrc github.com/akavel/rsrc \
+	&& rm -rf "$GOPATH"
+
+# Install runc
+ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git checkout -q "$RUNC_COMMIT" \
+	&& make static BUILDTAGS="seccomp apparmor selinux" \
+	&& cp runc /usr/local/bin/docker-runc
+
+# Install containerd
+ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& cd "$GOPATH/src/github.com/docker/containerd" \
+	&& git checkout -q "$CONTAINERD_COMMIT" \
+	&& make static \
+	&& cp bin/containerd /usr/local/bin/docker-containerd \
+	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr

 # Wrap all commands in the "docker-in-docker" script to allow nested containers
 ENTRYPOINT ["hack/dind"]
--- a/Dockerfile.simple
+++ b/Dockerfile.simple
@@ -7,21 +7,15 @@

 FROM debian:jessie

-# allow replacing httpredir or deb mirror
-ARG APT_MIRROR=deb.debian.org
-RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list
-
-# Compile and runtime deps
+# compile and runtime deps
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#build-dependencies
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
 		btrfs-tools \
-		build-essential \
 		curl \
-		cmake \
 		gcc \
 		git \
-		libapparmor-dev \
+		golang \
 		libdevmapper-dev \
 		libsqlite3-dev \
 		\
@@ -33,40 +27,29 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		xz-utils \
 		\
 		aufs-tools \
-		vim-common \
 	&& rm -rf /var/lib/apt/lists/*

-# Install seccomp: the version shipped in trusty is too old
-ENV SECCOMP_VERSION 2.3.1
+# Install runc
+ENV RUNC_COMMIT e87436998478d222be209707503c27f6f91be0c5
 RUN set -x \
-	&& export SECCOMP_PATH="$(mktemp -d)" \
-	&& curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_VERSION}/libseccomp-${SECCOMP_VERSION}.tar.gz" \
-		| tar -xzC "$SECCOMP_PATH" --strip-components=1 \
-	&& ( \
-		cd "$SECCOMP_PATH" \
-		&& ./configure --prefix=/usr/local \
-		&& make \
-		&& make install \
-		&& ldconfig \
-	) \
-	&& rm -rf "$SECCOMP_PATH"
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+	&& cd "$GOPATH/src/github.com/opencontainers/runc" \
+	&& git checkout -q "$RUNC_COMMIT" \
+	&& make static BUILDTAGS="seccomp apparmor selinux" \
+	&& cp runc /usr/local/bin/docker-runc

-# Install Go
-# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
-#            will need updating, to avoid errors. Ping #docker-maintainers on IRC
-#            with a heads-up.
-ENV GO_VERSION 1.7.5
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
-	| tar -xzC /usr/local
-ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
-ENV CGO_LDFLAGS -L/lib
-
-# Install runc, containerd, tini and docker-proxy
-# Please edit hack/dockerfile/install-binaries.sh to update them.
-COPY hack/dockerfile/binaries-commits /tmp/binaries-commits
-COPY hack/dockerfile/install-binaries.sh /tmp/install-binaries.sh
-RUN /tmp/install-binaries.sh runc containerd tini proxy
+# Install containerd
+ENV CONTAINERD_COMMIT d2f03861c91edaafdcb3961461bf82ae83785ed7
+RUN set -x \
+	&& export GOPATH="$(mktemp -d)" \
+	&& git clone git://github.com/docker/containerd.git "$GOPATH/src/github.com/docker/containerd" \
+	&& cd "$GOPATH/src/github.com/docker/containerd" \
+	&& git checkout -q "$CONTAINERD_COMMIT" \
+	&& make static \
+	&& cp bin/containerd /usr/local/bin/docker-containerd \
+	&& cp bin/containerd-shim /usr/local/bin/docker-containerd-shim \
+	&& cp bin/ctr /usr/local/bin/docker-containerd-ctr

 ENV AUTO_GOPATH 1
 WORKDIR /usr/src/docker
--- a/Dockerfile.solaris
+++ b/Dockerfile.solaris
@@ -1,20 +0,0 @@
-# Defines an image that hosts a native Docker build environment for Solaris
-# TODO: Improve stub
-
-FROM solaris:latest
-
-# compile and runtime deps
-RUN pkg install --accept \
-		git \
-		gnu-coreutils \
-		gnu-make \
-		gnu-tar \
-		diagnostic/top \
-		golang \
-		library/golang/* \
-		developer/gcc-*
-
-ENV GOPATH /go/:/usr/lib/gocode/1.5/
-ENV DOCKER_CROSSPLATFORMS solaris/amd64
-WORKDIR /go/src/github.com/docker/docker
-COPY . /go/src/github.com/docker/docker
--- a/Dockerfile.windows
+++ b/Dockerfile.windows
@@ -1,267 +1,101 @@
-# escape=`
-
-# -----------------------------------------------------------------------------------------
-# This file describes the standard way to build Docker in a container on Windows
-# Server 2016 or Windows 10.
+# This file describes the standard way to build Docker, using a docker container on Windows 
+# Server 2016
 #
-# Maintainer: @jhowardmsft
-# -----------------------------------------------------------------------------------------
-
-
-# Prerequisites:
-# --------------
-#
-# 1. Windows Server 2016 or Windows 10 with all Windows updates applied. The major 
-#    build number must be at least 14393. This can be confirmed, for example, by 
-#    running the following from an elevated PowerShell prompt - this sample output 
-#    is from a fully up to date machine as at mid-November 2016:
-#
-#    >> PS C:\> $(gin).WindowsBuildLabEx
-#    >> 14393.447.amd64fre.rs1_release_inmarket.161102-0100
-#
-# 2. Git for Windows (or another git client) must be installed. https://git-scm.com/download/win.
-#
-# 3. The machine must be configured to run containers. For example, by following
-#    the quick start guidance at https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start or
-#    https://github.com/docker/labs/blob/master/windows/windows-containers/Setup.md
-#
-# 4. If building in a Hyper-V VM: For Windows Server 2016 using Windows Server
-#    containers as the default option, it is recommended you have at least 1GB 
-#    of memory assigned; For Windows 10 where Hyper-V Containers are employed, you
-#    should have at least 4GB of memory assigned. Note also, to run Hyper-V 
-#    containers in a VM, it is necessary to configure the VM for nested virtualization.
-
-# -----------------------------------------------------------------------------------------
-
-
 # Usage:
-# -----
 #
-#  The following steps should be run from an (elevated*) Windows PowerShell prompt. 
+# # Assemble the full dev environment. This is slow the first time. Run this from
+# # a directory containing the sources you are validating. For example from 
+# # c:\go\src\github.com\docker\docker
 #
-#  (*In a default installation of containers on Windows following the quick-start guidance at
-#    https://msdn.microsoft.com/en-us/virtualization/windowscontainers/quick_start/quick_start,
-#    the docker.exe client must run elevated to be able to connect to the daemon).
-#
-# 1. Clone the sources from github.com:
-#
-#    >>   git clone https://github.com/docker/docker.git C:\go\src\github.com\docker\docker
-#    >>   Cloning into 'C:\go\src\github.com\docker\docker'...
-#    >>   remote: Counting objects: 186216, done.
-#    >>   remote: Compressing objects: 100% (21/21), done.
-#    >>   remote: Total 186216 (delta 5), reused 0 (delta 0), pack-reused 186195
-#    >>   Receiving objects: 100% (186216/186216), 104.32 MiB | 8.18 MiB/s, done.
-#    >>   Resolving deltas: 100% (123139/123139), done.
-#    >>   Checking connectivity... done.
-#    >>   Checking out files: 100% (3912/3912), done.
-#    >>   PS C:\>
+# docker build -t docker -f Dockerfile.windows .
 #
 #
-# 2. Change directory to the cloned docker sources:
+# # Build docker in a container. Run the following from a Windows cmd command prommpt,
+# # replacing c:\built with the directory you want the binaries to be placed on the
+# # host system.
 #
-#    >>   cd C:\go\src\github.com\docker\docker 
+# docker run --rm -v "c:\built:c:\target" docker sh -c 'cd /c/go/src/github.com/docker/docker; hack/make.sh binary; ec=$?; if [ $ec -eq 0 ]; then robocopy /c/go/src/github.com/docker/docker/bundles/$(cat VERSION)/binary /c/target/binary; fi; exit $ec'
 #
-#
-# 3. Build a docker image with the components required to build the docker binaries from source
-#    by running one of the following:
-#
-#    >>   docker build -t nativebuildimage -f Dockerfile.windows .          
-#    >>   docker build -t nativebuildimage -f Dockerfile.windows -m 2GB .    (if using Hyper-V containers)
-#
-#
-# 4. Build the docker executable binaries by running one of the following:
-#
-#    >>   docker run --name binaries nativebuildimage hack\make.ps1 -Binary
-#    >>   docker run --name binaries -m 2GB nativebuildimage hack\make.ps1 -Binary    (if using Hyper-V containers)
-#
-#
-# 5. Copy the binaries out of the container, replacing HostPath with an appropriate destination 
-#    folder on the host system where you want the binaries to be located.
-#
-#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\docker.exe C:\HostPath\docker.exe
-#    >>   docker cp binaries:C:\go\src\github.com\docker\docker\bundles\dockerd.exe C:\HostPath\dockerd.exe
-#
-#
-# 6. (Optional) Remove the interim container holding the built executable binaries:
-#
-#    >>    docker rm binaries
-#
-#
-# 7. (Optional) Remove the image used for the container in which the executable
-#    binaries are build. Tip - it may be useful to keep this image around if you need to
-#    build multiple times. Then you can take advantage of the builder cache to have an
-#    image which has all the components required to build the binaries already installed.
-#
-#    >>    docker rmi nativebuildimage
-#
-
-# -----------------------------------------------------------------------------------------
-
-
-#  The validation tests can either run in a container, or directly on the host. To run in a
-#  container, ensure you have created the nativebuildimage above. Then run one of the
-#  following from an (elevated) Windows PowerShell prompt:
-#
-#    >>   docker run --rm nativebuildimage hack\make.ps1 -DCO -PkgImports -GoFormat
-#    >>   docker run --rm -m 2GB nativebuildimage hack\make.ps1 -DCO -PkgImports -GoFormat    (if using Hyper-V containers)
-
-# To run the validation tests on the host, from the root of the repository, run the
-# following from a Windows PowerShell prompt (elevation is not required): (Note Go
-# must be installed to run these tests)
-#
-#    >>   hack\make.ps1 -DCO -PkgImports -GoFormat
-
-# -----------------------------------------------------------------------------------------
-
-
-#  To run unit tests, ensure you have created the nativebuildimage above. Then run one of
-#  the following from an (elevated) Windows PowerShell prompt:
-#
-#    >>   docker run --rm nativebuildimage hack\make.ps1 -TestUnit
-#    >>   docker run --rm -m 2GB nativebuildimage hack\make.ps1 -TestUnit    (if using Hyper-V containers)
-
-
-# -----------------------------------------------------------------------------------------
-
-
-#  To run all tests and binary build, ensure you have created the nativebuildimage above. Then 
-#  run one of the following from an (elevated) Windows PowerShell prompt:
-#
-#    >>   docker run nativebuildimage hack\make.ps1 -All
-#    >>   docker run -m 2GB nativebuildimage hack\make.ps1 -All    (if using Hyper-V containers)
-
-# -----------------------------------------------------------------------------------------
-
-
 # Important notes:
 # ---------------
 #
-# Don't attempt to use a bind-mount to pass a local directory as the bundles target
-# directory. It does not work (golang attempts for follow a mapped folder incorrectly). 
-# Instead, use docker cp as per the example.
+# 'Start-Sleep' is a deliberate workaround for a current problem on containers in Windows 
+# Server 2016. It ensures that the network is up and available for when the command is
+# network related. This bug is being tracked internally at Microsoft and exists in TP4.
+# Generally sleep 1 or 2 is probably enough, but making it 5 to make the build file
+# as bullet proof as possible. This isn't a big deal as this only runs the first time.
 #
-# go.zip is not removed from the image as it is used by the Windows CI servers
-# to ensure the host and image are running consistent versions of go.
+# The cygwin posix utilities from GIT aren't usable interactively as at January 2016. This
+# is because they require a console window which isn't present in a container in Windows.
+# See the example at the top of this file. Do NOT use -it in that docker run!!! 
 #
-# Nanoserver support is a work in progress. Although the image will build if the 
-# FROM statement is updated, it will not work when running autogen through hack\make.ps1. 
-# It is suspected that the required GCC utilities (eg gcc, windres, windmc) silently
-# quit due to the use of console hooks which are not available.
+# Don't try to use a volume for passing the source through. The cygwin posix utilities will
+# balk at reparse points. Again, see the example at the top of this file on how use a volume
+# to get the built binary out of the container.
 #
-# The docker integration tests do not currently run in a container on Windows, predominantly
-# due to Windows not supporting privileged mode, so anything using a volume would fail.
-# They (along with the rest of the docker CI suite) can be run using 
-# https://github.com/jhowardmsft/docker-w2wCIScripts/blob/master/runCI/Invoke-DockerCI.ps1.
-#
-# -----------------------------------------------------------------------------------------
+# The steps are minimised dramatically to improve performance (TP4 is slow on commit)

-
-# The number of build steps below are explicitly minimised to improve performance.
-FROM microsoft/windowsservercore
-
-# Use PowerShell as the default shell
-SHELL ["powershell", "-command"]
+FROM windowsservercore

 # Environment variable notes:
-#  - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
+#  - GO_VERSION must consistent with 'Dockerfile' used by Linux'.
 #  - FROM_DOCKERFILE is used for detection of building within a container.
-ENV GO_VERSION=1.7.5 `
-    GIT_VERSION=2.11.0 `
-    GOPATH=C:\go `
+ENV GO_VERSION=1.5.4 \
+    GIT_LOCATION=https://github.com/git-for-windows/git/releases/download/v2.7.2.windows.1/Git-2.7.2-64-bit.exe \
+    RSRC_COMMIT=ba14da1f827188454a4591717fff29999010887f \
+    GOPATH=C:/go;C:/go/src/github.com/docker/docker/vendor \
    FROM_DOCKERFILE=1

-RUN `
-  $ErrorActionPreference = 'Stop'; `
-  $ProgressPreference = 'SilentlyContinue'; `
-  `
-  Function Test-Nano() { `
-    $EditionId = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'EditionID').EditionId; `
-    return (($EditionId -eq 'ServerStandardNano') -or ($EditionId -eq 'ServerDataCenterNano') -or ($EditionId -eq 'NanoServer')); `
-  }`
-  `
-  Function Download-File([string] $source, [string] $target) { `
-    if (Test-Nano) { `
-      $handler = New-Object System.Net.Http.HttpClientHandler; `
-      $client = New-Object System.Net.Http.HttpClient($handler); `
-      $client.Timeout = New-Object System.TimeSpan(0, 30, 0); `
-      $cancelTokenSource = [System.Threading.CancellationTokenSource]::new(); `
-      $responseMsg = $client.GetAsync([System.Uri]::new($source), $cancelTokenSource.Token); `
-      $responseMsg.Wait(); `
-      if (!$responseMsg.IsCanceled) { `
-        $response = $responseMsg.Result; `
-        if ($response.IsSuccessStatusCode) { `
-          $downloadedFileStream = [System.IO.FileStream]::new($target, [System.IO.FileMode]::Create, [System.IO.FileAccess]::Write); `
-          $copyStreamOp = $response.Content.CopyToAsync($downloadedFileStream); `
-          $copyStreamOp.Wait(); `
-          $downloadedFileStream.Close(); `
-          if ($copyStreamOp.Exception -ne $null) { throw $copyStreamOp.Exception } `
-        } `
-      } else { `
-      Throw ("Failed to download " + $source) `
-      }`
-    } else { `
-      $webClient = New-Object System.Net.WebClient; `
-      $webClient.DownloadFile($source, $target); `
-    } `
-  } `
-  `
-  setx /M PATH $('C:\git\bin;C:\git\usr\bin;'+$Env:PATH+';C:\gcc\bin;C:\go\bin'); `
-  `
-  Write-Host INFO: Downloading git...; `
-  $location='https://github.com/git-for-windows/git/releases/download/v'+$env:GIT_VERSION+'.windows.1/PortableGit-'+$env:GIT_VERSION+'-64-bit.7z.exe'; `
-  Download-File $location C:\gitsetup.7z.exe; `
-  `
-  Write-Host INFO: Downloading go...; `
-  Download-File $('https://golang.org/dl/go'+$Env:GO_VERSION+'.windows-amd64.zip') C:\go.zip; `
-  `
-  Write-Host INFO: Downloading compiler 1 of 3...; `
-  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/gcc.zip C:\gcc.zip; `
-  `
-  Write-Host INFO: Downloading compiler 2 of 3...; `
-  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/runtime.zip C:\runtime.zip; `
-  `
-  Write-Host INFO: Downloading compiler 3 of 3...; `
-  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/binutils.zip C:\binutils.zip; `
-  `
-  Write-Host INFO: Installing PS7Zip package...; `
-  Install-Package PS7Zip -Force | Out-Null; `
-  Write-Host INFO: Importing PS7Zip...; `
-  Import-Module PS7Zip -Force; `
-  New-Item C:\git -ItemType Directory | Out-Null ; `
-  cd C:\git; `
-  Write-Host INFO: Extracting git...; `
-  Expand-7Zip C:\gitsetup.7z.exe | Out-Null; `
-  cd C:\; `
-  `
-  Write-Host INFO: Expanding go...; `
-  Expand-Archive C:\go.zip -DestinationPath C:\; `
-  `
-  Write-Host INFO: Expanding compiler 1 of 3...; `
-  Expand-Archive C:\gcc.zip -DestinationPath C:\gcc -Force; `
-  Write-Host INFO: Expanding compiler 2 of 3...; `
-  Expand-Archive C:\runtime.zip -DestinationPath C:\gcc -Force; `
-  Write-Host INFO: Expanding compiler 3 of 3...; `
-  Expand-Archive C:\binutils.zip -DestinationPath C:\gcc -Force; `
-  `
-  Write-Host INFO: Removing downloaded files...; `
-  Remove-Item C:\gcc.zip; `
-  Remove-Item C:\runtime.zip; `
-  Remove-Item C:\binutils.zip; `
-  Remove-Item C:\gitsetup.7z.exe; `
-  `
-  Write-Host INFO: Creating source directory...; `
-  New-Item -ItemType Directory -Path C:\go\src\github.com\docker\docker | Out-Null; `
-  `
-  Write-Host INFO: Configuring git core.autocrlf...; `
-  C:\git\bin\git config --global core.autocrlf true; `
-  `
+WORKDIR c:/
+
+# Everything downloaded/installed in one go (better performance, esp on TP4)
+RUN \
+ setx /M Path "c:\git\cmd;c:\git\bin;c:\git\usr\bin;%Path%;c:\gcc\bin;c:\go\bin" && \
+ setx GOROOT "c:\go" && \
+ powershell -command \
+  $ErrorActionPreference = 'Stop'; \
+  Start-Sleep -Seconds 5; \
+  Function Download-File([string] $source, [string] $target) { \
+   $wc = New-Object net.webclient; $wc.Downloadfile($source, $target) \
+  } \
+  \
+  Write-Host INFO: Downloading git...; \		
+  Download-File %GIT_LOCATION% gitsetup.exe; \
+  \
+  Write-Host INFO: Downloading go...; \
+  Download-File https://storage.googleapis.com/golang/go%GO_VERSION%.windows-amd64.msi go.msi; \
+  \
+  Write-Host INFO: Downloading compiler 1 of 3...; \
+  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/gcc.zip gcc.zip; \
+  \
+  Write-Host INFO: Downloading compiler 2 of 3...; \
+  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/runtime.zip runtime.zip; \
+  \
+  Write-Host INFO: Downloading compiler 3 of 3...; \
+  Download-File https://raw.githubusercontent.com/jhowardmsft/docker-tdmgcc/master/binutils.zip binutils.zip; \
+  \
+  Write-Host INFO: Installing git...; \
+  Start-Process gitsetup.exe -ArgumentList '/VERYSILENT /SUPPRESSMSGBOXES /CLOSEAPPLICATIONS /DIR=c:\git\' -Wait; \
+  \
+  Write-Host INFO: Installing go..."; \
+  Start-Process msiexec -ArgumentList '-i go.msi -quiet' -Wait; \
+  \
+  Write-Host INFO: Unzipping compiler...; \
+  c:\git\usr\bin\unzip.exe -q -o gcc.zip -d /c/gcc; \
+  c:\git\usr\bin\unzip.exe -q -o runtime.zip -d /c/gcc; \
+  c:\git\usr\bin\unzip.exe -q -o binutils.zip -d /c/gcc"; \
+  \
+  Write-Host INFO: Removing interim files; \
+  Remove-Item *.zip; \
+  Remove-Item go.msi; \
+  Remove-Item gitsetup.exe; \
+  \
+  Write-Host INFO: Cloning and installing RSRC; \
+  c:\git\bin\git.exe clone https://github.com/akavel/rsrc.git c:\go\src\github.com\akavel\rsrc; \
+  cd \go\src\github.com\akavel\rsrc; c:\git\bin\git.exe checkout -q %RSRC_COMMIT%; c:\go\bin\go.exe install -v; \
+  \
  Write-Host INFO: Completed
+  
+# Prepare for building
+COPY . /go/src/github.com/docker/docker

-# Make PowerShell the default entrypoint
-ENTRYPOINT ["powershell.exe"]
-
-# Set the working directory to the location of the sources
-WORKDIR C:\go\src\github.com\docker\docker
-
-# Copy the sources into the container
-COPY . .
--- a/151
+++ b/151
@@ -27,31 +27,24 @@

 		people = [
 			"aaronlehmann",
-			"akihirosuda",
-			"aluzzardi",
-			"anusha",
+			"calavera",
 			"coolljt0725",
 			"cpuguy83",
 			"crosbymichael",
-			"dnephin",
 			"duglin",
 			"estesp",
 			"icecrime",
 			"jhowardmsft",
-			"justincormack",
+			"jfrazelle",
 			"lk4d4",
-			"mavenugo",
 			"mhbauer",
-			"mlaventure",
-			"mrjana",
 			"runcom",
-			"stevvooe",
 			"tianon",
 			"tibor",
 			"tonistiigi",
 			"unclejack",
-			"vdemeester",
-			"vieux"
+			"vbatts",
+			"vdemeester"
 		]

 	[Org."Docs maintainers"]
@@ -60,7 +53,7 @@

 		people = [
 			"jamtur01",
-			"misty",
+			"moxiegirl",
 			"sven",
 			"thajeztah"
 		]
@@ -78,10 +71,6 @@
 	# - close an issue or pull request when it's inappropriate or off-topic

 		people = [
-			"aboch",
-			"andrewhsu",
-			"ehazlett",
-			"mgoelzer",
 			"programmerq",
 			"thajeztah"
 		]
@@ -93,15 +82,6 @@
 	# Thank you!

 		people = [
-			# David Calavera contributed many features to Docker, such as an improved
-			# event system, dynamic configuration reloading, volume plugins, fancy
-			# new templating options, and an external client credential store. As a
-			# maintainer, David was release captain for Docker 1.8, and competing
-			# with Jess Frazelle to be "top dream killer".
-			# David is now doing amazing stuff as CTO for https://www.netlify.com,
-			# and tweets as @calavera.
-			"calavera",
-
 			# As a maintainer, Erik was responsible for the "builder", and
 			# started the first designs for the new networking model in
 			# Docker. Erik is now working on all kinds of plugins for Docker
@@ -110,45 +90,14 @@
 			# still stumble into him in our issue tracker, or on IRC.
 			"erikh",

-			# Jessica Frazelle, also known as the "Keyser Söze of containers",
-			# runs *everything* in containers. She started contributing to
-			# Docker with a (fun fun) change involving both iptables and regular
-			# expressions (coz, YOLO!) on July 10, 2014
-			# https://github.com/docker/docker/pull/6950/commits/f3a68ffa390fb851115c77783fa4031f1d3b2995.
-			# Jess was Release Captain for Docker 1.4, 1.6 and 1.7, and contributed
-			# many features and improvement, among which "seccomp profiles" (making
-			# containers a lot more secure). Besides being a maintainer, she
-			# set up the CI infrastructure for the project, giving everyone
-			# something to shout at if a PR failed ("noooo Janky!").
-			# Jess is currently working on the DCOS security team at Mesosphere,
-			# and contributing to various open source projects.
-			# Be sure you don't miss her talks at a conference near you (a must-see),
-			# read her blog at https://blog.jessfraz.com (a must-read), and
-			# check out her open source projects on GitHub https://github.com/jessfraz (a must-try).
-			"jessfraz",
-
-			# As a docs maintainer, Mary Anthony contributed greatly to the Docker
-			# docs. She wrote the Docker Contributor Guide and Getting Started
-			# Guides. She helped create a doc build system independent of
-			# docker/docker project, and implemented a new docs.docker.com theme and
-			# nav for 2015 Dockercon. Fun fact: the most inherited layer in DockerHub
-			# public repositories was originally referenced in
-			# maryatdocker/docker-whale back in May 2015.
-			"moxiegirl",
-
-			# Vincent "vbatts!" Batts made his first contribution to the project
-			# in November 2013, to become a maintainer a few months later, on
-			# May 10, 2014 (https://github.com/docker/docker/commit/d6e666a87a01a5634c250358a94c814bf26cb778).
-			# As a maintainer, Vincent made important contributions to core elements
-			# of Docker, such as "distribution" (tarsum) and graphdrivers (btrfs, devicemapper).
-			# He also contributed the "tar-split" library, an important element
-			# for the content-addressable store.
-			# Vincent is currently a member of the Open Containers Initiative
-			# Technical Oversight Board (TOB), besides his work at Red Hat and
-			# Project Atomic. You can still find him regularly hanging out in
-			# our repository and the #docker-dev and #docker-maintainers IRC channels
-			# for a chat, as he's always a lot of fun.
-			"vbatts",
+			# Victor is one of the earliest contributors to Docker, having worked on the
+			# project when it was still "dotCloud" in April 2013. He's been responsible
+			# for multiple releases (https://github.com/docker/docker/pulls?q=is%3Apr+bump+in%3Atitle+author%3Avieux),
+			# and up until today (2015), our number 2 contributor. Although he's no longer
+			# a maintainer for the Docker "Engine", he's still actively involved in other
+			# Docker projects, and most likely can be found in the Docker Swarm repository,
+			# for which he's a core maintainer.
+			"vieux",

 			# Vishnu became a maintainer to help out on the daemon codebase and
 			# libcontainer integration. He's currently involved in the
@@ -170,31 +119,6 @@
 	Email = "aaron.lehmann@docker.com"
 	GitHub = "aaronlehmann"

-	[people.aboch]
-	Name = "Alessandro Boch"
-	Email = "aboch@docker.com"
-	GitHub = "aboch"
-
-	[people.akihirosuda]
-	Name = "Akihiro Suda"
-	Email = "suda.akihiro@lab.ntt.co.jp"
-	GitHub = "AkihiroSuda"
-
-	[people.aluzzardi]
-	Name = "Andrea Luzzardi"
-	Email = "al@docker.com"
-	GitHub = "aluzzardi"
-
-	[people.andrewhsu]
-	Name = "Andrew Hsu"
-	Email = "andrewhsu@docker.com"
-	GitHub = "andrewhsu"
-
-	[people.anusha]
-	Name = "Anusha Ragunathan"
-	Email = "anusha@docker.com"
-	GitHub = "anusha-ragunathan"
-
 	[people.calavera]
 	Name = "David Calavera"
 	Email = "david.calavera@gmail.com"
@@ -215,21 +139,11 @@
 	Email = "crosbymichael@gmail.com"
 	GitHub = "crosbymichael"

-	[people.dnephin]
-	Name = "Daniel Nephin"
-	Email = "dnephin@gmail.com"
-	GitHub = "dnephin"
-
 	[people.duglin]
 	Name = "Doug Davis"
 	Email = "dug@us.ibm.com"
 	GitHub = "duglin"

-	[people.ehazlett]
-	Name = "Evan Hazlett"
-	Email = "ejhazlett@gmail.com"
-	GitHub = "ehazlett"
-
 	[people.erikh]
 	Name = "Erik Hollensbe"
 	Email = "erik@docker.com"
@@ -255,56 +169,26 @@
 	Email = "jhoward@microsoft.com"
 	GitHub = "jhowardmsft"

-	[people.jessfraz]
+	[people.jfrazelle]
 	Name = "Jessie Frazelle"
 	Email = "jess@linux.com"
-	GitHub = "jessfraz"
-
-	[people.justincormack]
-	Name = "Justin Cormack"
-	Email = "justin.cormack@docker.com"
-	GitHub = "justincormack"
+	GitHub = "jfrazelle"

 	[people.lk4d4]
 	Name = "Alexander Morozov"
 	Email = "lk4d4@docker.com"
 	GitHub = "lk4d4"

-	[people.mavenugo]
-	Name = "Madhu Venugopal"
-	Email = "madhu@docker.com"
-	GitHub = "mavenugo"
-
-	[people.mgoelzer]
-	Name = "Mike Goelzer"
-	Email = "mike.goelzer@docker.com"
-	GitHub = "mgoelzer"
-
 	[people.mhbauer]
 	Name = "Morgan Bauer"
 	Email = "mbauer@us.ibm.com"
 	GitHub = "mhbauer"

-	[people.misty]
-	Name = "Misty Stanley-Jones"
-	Email = "misty@docker.com"
-	GitHub = "mstanleyjones"
-
-	[people.mlaventure]
-	Name = "Kenfe-Mickaël Laventure"
-	Email = "mickael.laventure@docker.com"
-	GitHub = "mlaventure"
-
 	[people.moxiegirl]
 	Name = "Mary Anthony"
 	Email = "mary.anthony@docker.com"
 	GitHub = "moxiegirl"

-	[people.mrjana]
-	Name = "Jana Radhakrishnan"
-	Email = "mrjana@docker.com"
-	GitHub = "mrjana"
-
 	[people.programmerq]
 	Name = "Jeff Anderson"
 	Email = "jeff@docker.com"
@@ -320,11 +204,6 @@
 	Email = "solomon@docker.com"
 	GitHub = "shykes"

-	[people.stevvooe]
-	Name = "Stephen Day"
-	Email = "stephen.day@docker.com"
-	GitHub = "stevvooe"
-
 	[people.sven]
 	Name = "Sven Dowideit"
 	Email = "SvenDowideit@home.org.au"
--- a/139
+++ b/139
@@ -1,40 +1,28 @@
-.PHONY: all binary build cross deb help init-go-pkg-cache install manpages rpm run shell test test-docker-py test-integration-cli test-unit tgz validate win
-
-# set the graph driver as the current graphdriver if not set
-DOCKER_GRAPHDRIVER := $(if $(DOCKER_GRAPHDRIVER),$(DOCKER_GRAPHDRIVER),$(shell docker info 2>&1 | grep "Storage Driver" | sed 's/.*: //'))
+.PHONY: all binary build cross default docs docs-build docs-shell shell test test-docker-py test-integration-cli test-unit validate

 # get OS/Arch of docker engine
 DOCKER_OSARCH := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKER_ENGINE_OSARCH:-$$DOCKER_CLIENT_OSARCH}')
 DOCKERFILE := $(shell bash -c 'source hack/make/.detect-daemon-osarch && echo $${DOCKERFILE}')

 # env vars passed through directly to Docker's build scripts
-# to allow things like `make KEEPBUNDLE=1 binary` easily
-# `project/PACKAGERS.md` have some limited documentation of some of these
+# to allow things like `make DOCKER_CLIENTONLY=1 binary` easily
+# `docs/sources/contributing/devenvironment.md ` and `project/PACKAGERS.md` have some limited documentation of some of these
 DOCKER_ENVS := \
-	-e BUILD_APT_MIRROR \
 	-e BUILDFLAGS \
 	-e KEEPBUNDLE \
-	-e DOCKER_BUILD_ARGS \
 	-e DOCKER_BUILD_GOGC \
 	-e DOCKER_BUILD_PKGS \
+	-e DOCKER_CLIENTONLY \
 	-e DOCKER_DEBUG \
 	-e DOCKER_EXPERIMENTAL \
-	-e DOCKER_GITCOMMIT \
-	-e DOCKER_GRAPHDRIVER=$(DOCKER_GRAPHDRIVER) \
+	-e DOCKER_GRAPHDRIVER \
 	-e DOCKER_INCREMENTAL_BINARY \
-	-e DOCKER_PORT \
 	-e DOCKER_REMAP_ROOT \
 	-e DOCKER_STORAGE_OPTS \
 	-e DOCKER_USERLANDPROXY \
 	-e TESTDIRS \
 	-e TESTFLAGS \
-	-e TIMEOUT \
-	-e HTTP_PROXY \
-	-e HTTPS_PROXY \
-	-e NO_PROXY \
-	-e http_proxy \
-	-e https_proxy \
-	-e no_proxy
+	-e TIMEOUT
 # note: we _cannot_ add "-e DOCKER_BUILDTAGS" here because even if it's unset in the shell, that would shadow the "ENV DOCKER_BUILDTAGS" set in our Dockerfile, which is very important for our official builds

 # to allow `make BIND_DIR=. shell` or `make BIND_DIR= test`
@@ -46,21 +34,13 @@ DOCKER_MOUNT := $(if $(BIND_DIR),-v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/do
 # This allows the test suite to be able to run without worrying about the underlying fs used by the container running the daemon (e.g. aufs-on-aufs), so long as the host running the container is running a supported fs.
 # The volume will be cleaned up when the container is removed due to `--rm`.
 # Note that `BIND_DIR` will already be set to `bundles` if `DOCKER_HOST` is not set (see above BIND_DIR line), in such case this will do nothing since `DOCKER_MOUNT` will already be set.
-DOCKER_MOUNT := $(if $(DOCKER_MOUNT),$(DOCKER_MOUNT),-v /go/src/github.com/docker/docker/bundles)
-
-# enable .go-pkg-cache if DOCKER_INCREMENTAL_BINARY and DOCKER_MOUNT (i.e.DOCKER_HOST) are set
-PKGCACHE_DIR := $(if $(PKGCACHE_DIR),$(PKGCACHE_DIR),.go-pkg-cache)
-PKGCACHE_MAP := gopath:/go/pkg goroot-linux_amd64_netgo:/usr/local/go/pkg/linux_amd64_netgo
-DOCKER_MOUNT := $(if $(DOCKER_INCREMENTAL_BINARY),$(DOCKER_MOUNT) $(shell echo $(PKGCACHE_MAP) | sed -E 's@([^ ]*)@-v "$(CURDIR)/$(PKGCACHE_DIR)/\1"@g'),$(DOCKER_MOUNT))
+DOCKER_MOUNT := $(if $(DOCKER_MOUNT),$(DOCKER_MOUNT),-v "/go/src/github.com/docker/docker/bundles")

 GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
-GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
-DOCKER_IMAGE := docker-dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
-DOCKER_PORT_FORWARD := $(if $(DOCKER_PORT),-p "$(DOCKER_PORT)",)
+DOCKER_IMAGE := docker-dev$(if $(GIT_BRANCH),:$(GIT_BRANCH))
+DOCKER_DOCS_IMAGE := docker-docs$(if $(GIT_BRANCH),:$(GIT_BRANCH))

-DOCKER_FLAGS := docker run --rm -i --privileged $(DOCKER_ENVS) $(DOCKER_MOUNT) $(DOCKER_PORT_FORWARD)
-BUILD_APT_MIRROR := $(if $(DOCKER_BUILD_APT_MIRROR),--build-arg APT_MIRROR=$(DOCKER_BUILD_APT_MIRROR))
-export BUILD_APT_MIRROR
+DOCKER_FLAGS := docker run --rm -i --privileged $(DOCKER_ENVS) $(DOCKER_MOUNT)

 # if this session isn't interactive, then we don't want to allocate a
 # TTY, which would fail, but if it is interactive, we do want to attach
@@ -74,74 +54,53 @@ DOCKER_RUN_DOCKER := $(DOCKER_FLAGS) "$(DOCKER_IMAGE)"

 default: binary

-all: build ## validate all checks, build linux binaries, run all tests\ncross build non-linux binaries and generate archives
-	$(DOCKER_RUN_DOCKER) bash -c 'hack/validate/default && hack/make.sh'
+all: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh

-binary: build ## build the linux binaries
+binary: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh binary

-build: bundles init-go-pkg-cache
-	docker build ${BUILD_APT_MIRROR} ${DOCKER_BUILD_ARGS} -t "$(DOCKER_IMAGE)" -f "$(DOCKERFILE)" .
+build: bundles
+	docker build ${DOCKER_BUILD_ARGS} -t "$(DOCKER_IMAGE)" -f "$(DOCKERFILE)" .

 bundles:
 	mkdir bundles

-cross: build ## cross build the binaries for darwin, freebsd and\nwindows
+cross: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross

-deb: build  ## build the deb packages
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-deb
-
-
-help: ## this help
-	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
-
-init-go-pkg-cache:
-	mkdir -p $(shell echo $(PKGCACHE_MAP) | sed -E 's@([^: ]*):[^ ]*@$(PKGCACHE_DIR)/\1@g')
-
-install: ## install the linux binaries
-	KEEPBUNDLE=1 hack/make.sh install-binary
-
-manpages: ## Generate man pages from go source and markdown
-	docker build -t docker-manpage-dev -f "man/$(DOCKERFILE)" ./man
-	docker run --rm \
-		-v $(PWD):/go/src/github.com/docker/docker/ \
-		docker-manpage-dev
-
-rpm: build ## build the rpm packages
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-rpm
-
-run: build ## run the docker daemon in a container
-	$(DOCKER_RUN_DOCKER) sh -c "KEEPBUNDLE=1 hack/make.sh install-binary run"
-
-shell: build ## start a shell inside the build env
-	$(DOCKER_RUN_DOCKER) bash
-
-test: build ## run the unit, integration and docker-py tests
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary cross test-unit test-integration-cli test-docker-py
-
-test-docker-py: build ## run the docker-py tests
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-docker-py
-
-test-integration-cli: build ## run the integration tests
-	$(DOCKER_RUN_DOCKER) hack/make.sh build-integration-test-binary dynbinary test-integration-cli
-
-test-unit: build ## run the unit tests
-	$(DOCKER_RUN_DOCKER) hack/make.sh test-unit
-
-tgz: build ## build the archives (.zip on windows and .tgz\notherwise) containing the binaries
-	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross tgz
-
-validate: build ## validate DCO, Seccomp profile generation, gofmt,\n./pkg/ isolation, golint, tests, tomls, go vet and vendor
-	$(DOCKER_RUN_DOCKER) hack/validate/all
-
-win: build ## cross build the binary for windows
+win: build
 	$(DOCKER_RUN_DOCKER) hack/make.sh win

-.PHONY: swagger-gen
-swagger-gen:
-	docker run --rm -v $(PWD):/go/src/github.com/docker/docker \
-		-w /go/src/github.com/docker/docker \
-		--entrypoint hack/generate-swagger-api.sh \
-		-e GOPATH=/go \
-		quay.io/goswagger/swagger:0.7.4
+tgz: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary binary cross tgz
+
+deb: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-deb
+
+docs:
+	$(MAKE) -C docs docs
+
+gccgo: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh gccgo
+
+rpm: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary build-rpm
+
+shell: build
+	$(DOCKER_RUN_DOCKER) bash
+
+test: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary cross test-unit test-integration-cli test-docker-py
+
+test-docker-py: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-docker-py
+
+test-integration-cli: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh dynbinary test-integration-cli
+
+test-unit: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh test-unit
+
+validate: build
+	$(DOCKER_RUN_DOCKER) hack/make.sh validate-dco validate-default-seccomp validate-gofmt validate-pkg validate-lint validate-test validate-toml validate-vet validate-vendor
--- a/README.md
+++ b/README.md
@@ -13,18 +13,18 @@ databases, and backend services without depending on a particular stack
 or provider.

 Docker began as an open-source implementation of the deployment engine which
-powered [dotCloud](http://web.archive.org/web/20130530031104/https://www.dotcloud.com/),
-a popular Platform-as-a-Service. It benefits directly from the experience
-accumulated over several years of large-scale operation and support of hundreds
-of thousands of applications and databases.
+powers [dotCloud](https://www.dotcloud.com), a popular Platform-as-a-Service.
+It benefits directly from the experience accumulated over several years
+of large-scale operation and support of hundreds of thousands of
+applications and databases.

-![Docker logo](docs/static_files/docker-logo-compressed.png "Docker")
+![](docs/static_files/docker-logo-compressed.png "Docker")

 ## Security Disclosure

-Security is very important to us. If you have any issue regarding security,
-please disclose the information responsibly by sending an email to
-security@docker.com and not by creating a GitHub issue.
+Security is very important to us. If you have any issue regarding security, 
+please disclose the information responsibly by sending an email to 
+security@docker.com and not by creating a github issue.

 ## Better than VMs

@@ -148,6 +148,9 @@ on servers for running them. To get started, [check out the installation
 instructions in the
 documentation](https://docs.docker.com/engine/installation/).

+We also offer an [interactive tutorial](https://www.docker.com/tryit/)
+for quickly learning the basics of using Docker.
+
 Usage examples
 ==============

@@ -175,7 +178,7 @@ Under the hood, Docker is built on the following components:
 Contributing to Docker [![GoDoc](https://godoc.org/github.com/docker/docker?status.svg)](https://godoc.org/github.com/docker/docker)
 ======================

-| **Master** (Linux) | **Experimental** (Linux) | **Windows** | **FreeBSD** |
+| **Master** (Linux) | **Experimental** (linux) | **Windows** | **FreeBSD** |
 |------------------|----------------------|---------|---------|
 | [![Jenkins Build Status](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master/badge/icon)](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master/) | [![Jenkins Build Status](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master%20%28experimental%29/badge/icon)](https://jenkins.dockerproject.org/view/Docker/job/Docker%20Master%20%28experimental%29/) | [![Build Status](http://jenkins.dockerproject.org/job/Docker%20Master%20(windows)/badge/icon)](http://jenkins.dockerproject.org/job/Docker%20Master%20(windows)/) | [![Build Status](http://jenkins.dockerproject.org/job/Docker%20Master%20(freebsd)/badge/icon)](http://jenkins.dockerproject.org/job/Docker%20Master%20(freebsd)/) |

@@ -188,8 +191,8 @@ feels wrong or incomplete. Better yet, submit a PR and improve them yourself.
 Getting the development builds
 ==============================

-Want to run Docker from a master build? You can download
-master builds at [master.dockerproject.org](https://master.dockerproject.org).
+Want to run Docker from a master build? You can download 
+master builds at [master.dockerproject.org](https://master.dockerproject.org). 
 They are updated with each commit merged into the master branch.

 Don't know how to use that super cool new feature in the master build? Check
@@ -219,26 +222,20 @@ We are always open to suggestions on process improvements, and are always lookin
        IRC is a rich chat protocol but it can overwhelm new users. You can search
        <a href="https://botbot.me/freenode/docker/#" target="_blank">our chat archives</a>.
      </p>
-      Read our <a href="https://docs.docker.com/opensource/get-help/#/irc-quickstart" target="_blank">IRC quickstart guide</a> for an easy way to get started.
-    </td>
-  </tr>
-  <tr>
-    <td>Docker Community Forums</td>
-    <td>
-      The <a href="https://forums.docker.com/c/open-source-projects/de" target="_blank">Docker Engine</a>
-      group is for users of the Docker Engine project.
+      Read our <a href="https://docs.docker.com/project/get-help/#irc-quickstart" target="_blank">IRC quickstart guide</a> for an easy way to get started.
    </td>
  </tr>
  <tr>
    <td>Google Groups</td>
    <td>
-      The <a href="https://groups.google.com/forum/#!forum/docker-dev"
-      target="_blank">docker-dev</a> group is for contributors and other people
-      contributing to the Docker project.  You can join this group without a
-      Google account by sending an email to <a
-      href="mailto:docker-dev+subscribe@googlegroups.com">docker-dev+subscribe@googlegroups.com</a>.
-      You'll receive a join-request message; simply reply to the message to
-      confirm your subscription.
+      There are two groups.
+      <a href="https://groups.google.com/forum/#!forum/docker-user" target="_blank">Docker-user</a>
+      is for people using Docker containers.
+      The <a href="https://groups.google.com/forum/#!forum/docker-dev" target="_blank">docker-dev</a>
+      group is for contributors and other people contributing to the Docker
+      project.
+      You can join them without an google account by sending an email to e.g. "docker-user+subscribe@googlegroups.com".
+      After receiving the join-request message, you can simply reply to that to confirm the subscribtion.
    </td>
  </tr>
  <tr>
@@ -285,18 +282,18 @@ There are a number of projects under development that are based on Docker's
 core technology. These projects expand the tooling built around the
 Docker platform to broaden its application and utility.

-* [Docker Registry](https://github.com/docker/distribution): Registry
+* [Docker Registry](https://github.com/docker/distribution): Registry 
 server for Docker (hosting/delivery of repositories and images)
-* [Docker Machine](https://github.com/docker/machine): Machine management
+* [Docker Machine](https://github.com/docker/machine): Machine management 
 for a container-centric world
-* [Docker Swarm](https://github.com/docker/swarm): A Docker-native clustering
+* [Docker Swarm](https://github.com/docker/swarm): A Docker-native clustering 
 system
-* [Docker Compose](https://github.com/docker/compose) (formerly Fig):
+* [Docker Compose](https://github.com/docker/compose) (formerly Fig): 
 Define and run multi-container apps
-* [Kitematic](https://github.com/docker/kitematic): The easiest way to use
+* [Kitematic](https://github.com/docker/kitematic): The easiest way to use 
 Docker on Mac and Windows

-If you know of another project underway that should be listed here, please help
+If you know of another project underway that should be listed here, please help 
 us keep this list up-to-date by submitting a PR.

 Awesome-Docker
--- a/ROADMAP.md
+++ b/ROADMAP.md
@@ -63,9 +63,10 @@ containers, and not as easily dismissed).
 ## 1.3 Internal decoupling

 A lot of work has been done in trying to decouple the Docker Engine's internals. In particular, the
-API implementation has been refactored, and the Builder side of the daemon is now
-[fully independent](https://github.com/docker/docker/tree/master/builder) while still residing in
-the same repository.
+API implementation has been refactored and ongoing work is happening to move the code to a separate
+repository ([`docker/engine-api`](https://github.com/docker/engine-api)), and the Builder side of
+the daemon is now [fully independent](https://github.com/docker/docker/tree/master/builder) while
+still residing in the same repository.

 We are exploring ways to go further with that decoupling, capitalizing on the work introduced by the
 runtime renovation and plugins improvement efforts. Indeed, the combination of `containerd` support
@@ -92,7 +93,28 @@ to another node in the cluster. This will be introduced in a backward compatible
 We won't accept patches expanding the surface of `docker exec`, which we intend to keep as a
 *debugging* feature, as well as being strongly dependent on the Runtime ingredient effort.

-## 2.2 Remote Registry Operations
+## 2.2 Dockerfile syntax
+
+The Dockerfile syntax as we know it is simple, and has proven successful in supporting all our
+[official images](https://github.com/docker-library/official-images). Although this is *not* a
+definitive move, we temporarily won't accept more patches to the Dockerfile syntax for several
+reasons:
+
+  - Long term impact of syntax changes is a sensitive matter that require an amount of attention the
+    volume of Engine codebase and activity today doesn't allow us to provide.
+  - Allowing the Builder to be implemented as a separate utility consuming the Engine's API will
+    open the door for many possibilities, such as offering alternate syntaxes or DSL for existing
+    languages without cluttering the Engine's codebase.
+  - A standalone Builder will also offer the opportunity for a better dedicated group of maintainers
+    to own the Dockerfile syntax and decide collectively on the direction to give it.
+  - Our experience with official images tend to show that no new instruction or syntax expansion is
+    *strictly* necessary for the majority of use cases, and although we are aware many things are
+    still lacking for many, we cannot make it a priority yet for the above reasons.
+
+Again, this is not about saying that the Dockerfile syntax is done, it's about making choices about
+what we want to do first!
+
+## 2.3 Remote Registry Operations

 A large amount of work is ongoing in the area of image distribution and provenance. This includes
 moving to the V2 Registry API and heavily refactoring the code that powers these features. The
--- a/VENDORING.md
+++ b/VENDORING.md
@@ -20,7 +20,7 @@ Each repo should:
 github releases file.

 The goal here is for consuming repos to be able to use the tag version and
-changelog updates to determine whether the vendoring will cause any breaking or
+changelog updates to determine whether the vendoring will cause any  breaking or
 backward incompatible changes. This also means that repos can specify having
 dependency on a package of a specific version or greater up to the next major
 release, without encountering breaking changes.
@@ -38,7 +38,7 @@ to the MAJOR.MINOR.PATCH format."

 ## Vendoring cadence
 In order to avoid huge vendoring changes, it is recommended to have a regular
-cadence for vendoring updates. e.g. monthly.
+cadence for vendoring updates. eg. monthly.

 ## Pre-merge vendoring tests
 All related repos will be vendored into docker/docker.
--- a/2
+++ b/2
@@ -1 +1 @@
-17.03.0-ce
+1.11.0
--- a/api/README.md
+++ b/api/README.md
@@ -1,42 +1,5 @@
-# Working on the Engine API
+This directory contains code pertaining to the Docker API:

-The Engine API is an HTTP API used by the command-line client to communicate with the daemon. It can also be used by third-party software to control the daemon.
+ - Used by the docker client when communicating with the docker daemon

-It consists of various components in this repository:
-
- `api/swagger.yaml` A Swagger definition of the API.
- `api/types/` Types shared by both the client and server, representing various objects, options, responses, etc. Most are written manually, but some are automatically generated from the Swagger definition. See [#27919](https://github.com/docker/docker/issues/27919) for progress on this.
- `cli/` The command-line client.
- `client/` The Go client used by the command-line client. It can also be used by third-party Go programs.
- `daemon/` The daemon, which serves the API.
-
-## Swagger definition
-
-The API is defined by the [Swagger](http://swagger.io/specification/) definition in `api/swagger.yaml`. This definition can be used to:
-
-1. To automatically generate documentation.
-2. To automatically generate the Go server and client. (A work-in-progress.)
-3. Provide a machine readable version of the API for introspecting what it can do, automatically generating clients for other languages, etc.
-
-## Updating the API documentation
-
-The API documentation is generated entirely from `api/swagger.yaml`. If you make updates to the API, you'll need to edit this file to represent the change in the documentation.
-
-The file is split into two main sections:
-
- `definitions`, which defines re-usable objects used in requests and responses
- `paths`, which defines the API endpoints (and some inline objects which don't need to be reusable)
-
-To make an edit, first look for the endpoint you want to edit under `paths`, then make the required edits. Endpoints may reference reusable objects with `$ref`, which can be found in the `definitions` section.
-
-There is hopefully enough example material in the file for you to copy a similar pattern from elsewhere in the file (e.g. adding new fields or endpoints), but for the full reference, see the [Swagger specification](https://github.com/docker/docker/issues/27919)
-
-`swagger.yaml` is validated by `hack/validate/swagger` to ensure it is a valid Swagger definition. This is useful for when you are making edits to ensure you are doing the right thing.
-
-## Viewing the API documentation
-
-When you make edits to `swagger.yaml`, you may want to check the generated API documentation to ensure it renders correctly.
-
-All the documentation generation is done in the documentation repository, [docker/docker.github.io](https://github.com/docker/docker.github.io). The Swagger definition is vendored periodically into this repository, but you can manually copy over the Swagger definition to test changes.
-
-Copy `api/swagger.yaml` in this repository to `engine/api/[VERSION_NUMBER]/swagger.yaml` in the documentation repository, overwriting what is already there. Then, run `docker-compose up` in the documentation repository and browse to [http://localhost:4000/engine/api/](http://localhost:4000/engine/api/) when it finishes rendering.
+ - Used by third party tools wishing to interface with the docker daemon
--- a/api/client/attach.go
+++ b/api/client/attach.go
@@ -0,0 +1,109 @@
+package client
+
+import (
+	"fmt"
+	"io"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/engine-api/types"
+)
+
+// CmdAttach attaches to a running container.
+//
+// Usage: docker attach [OPTIONS] CONTAINER
+func (cli *DockerCli) CmdAttach(args ...string) error {
+	cmd := Cli.Subcmd("attach", []string{"CONTAINER"}, Cli.DockerCommands["attach"].Description, true)
+	noStdin := cmd.Bool([]string{"-no-stdin"}, false, "Do not attach STDIN")
+	proxy := cmd.Bool([]string{"-sig-proxy"}, true, "Proxy all received signals to the process")
+	detachKeys := cmd.String([]string{"-detach-keys"}, "", "Override the key sequence for detaching a container")
+
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+
+	c, err := cli.client.ContainerInspect(context.Background(), cmd.Arg(0))
+	if err != nil {
+		return err
+	}
+
+	if !c.State.Running {
+		return fmt.Errorf("You cannot attach to a stopped container, start it first")
+	}
+
+	if c.State.Paused {
+		return fmt.Errorf("You cannot attach to a paused container, unpause it first")
+	}
+
+	if err := cli.CheckTtyInput(!*noStdin, c.Config.Tty); err != nil {
+		return err
+	}
+
+	if *detachKeys != "" {
+		cli.configFile.DetachKeys = *detachKeys
+	}
+
+	options := types.ContainerAttachOptions{
+		ContainerID: cmd.Arg(0),
+		Stream:      true,
+		Stdin:       !*noStdin && c.Config.OpenStdin,
+		Stdout:      true,
+		Stderr:      true,
+		DetachKeys:  cli.configFile.DetachKeys,
+	}
+
+	var in io.ReadCloser
+	if options.Stdin {
+		in = cli.in
+	}
+
+	if *proxy && !c.Config.Tty {
+		sigc := cli.forwardAllSignals(options.ContainerID)
+		defer signal.StopCatch(sigc)
+	}
+
+	resp, err := cli.client.ContainerAttach(context.Background(), options)
+	if err != nil {
+		return err
+	}
+	defer resp.Close()
+	if in != nil && c.Config.Tty {
+		if err := cli.setRawTerminal(); err != nil {
+			return err
+		}
+		defer cli.restoreTerminal(in)
+	}
+
+	if c.Config.Tty && cli.isTerminalOut {
+		height, width := cli.getTtySize()
+		// To handle the case where a user repeatedly attaches/detaches without resizing their
+		// terminal, the only way to get the shell prompt to display for attaches 2+ is to artificially
+		// resize it, then go back to normal. Without this, every attach after the first will
+		// require the user to manually resize or hit enter.
+		cli.resizeTtyTo(cmd.Arg(0), height+1, width+1, false)
+
+		// After the above resizing occurs, the call to monitorTtySize below will handle resetting back
+		// to the actual size.
+		if err := cli.monitorTtySize(cmd.Arg(0), false); err != nil {
+			logrus.Debugf("Error monitoring TTY size: %s", err)
+		}
+	}
+
+	if err := cli.holdHijackedConnection(c.Config.Tty, in, cli.out, cli.err, resp); err != nil {
+		return err
+	}
+
+	_, status, err := getExitCode(cli, options.ContainerID)
+	if err != nil {
+		return err
+	}
+	if status != 0 {
+		return Cli.StatusError{StatusCode: status}
+	}
+
+	return nil
+}
--- a/api/client/build.go
+++ b/api/client/build.go
@@ -0,0 +1,399 @@
+package client
+
+import (
+	"archive/tar"
+	"bufio"
+	"bytes"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"regexp"
+	"runtime"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/builder"
+	"github.com/docker/docker/builder/dockerignore"
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/fileutils"
+	"github.com/docker/docker/pkg/jsonmessage"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/progress"
+	"github.com/docker/docker/pkg/streamformatter"
+	"github.com/docker/docker/pkg/urlutil"
+	"github.com/docker/docker/reference"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/container"
+	"github.com/docker/go-units"
+)
+
+type translatorFunc func(reference.NamedTagged) (reference.Canonical, error)
+
+// CmdBuild builds a new image from the source code at a given path.
+//
+// If '-' is provided instead of a path or URL, Docker will build an image from either a Dockerfile or tar archive read from STDIN.
+//
+// Usage: docker build [OPTIONS] PATH | URL | -
+func (cli *DockerCli) CmdBuild(args ...string) error {
+	cmd := Cli.Subcmd("build", []string{"PATH | URL | -"}, Cli.DockerCommands["build"].Description, true)
+	flTags := opts.NewListOpts(validateTag)
+	cmd.Var(&flTags, []string{"t", "-tag"}, "Name and optionally a tag in the 'name:tag' format")
+	suppressOutput := cmd.Bool([]string{"q", "-quiet"}, false, "Suppress the build output and print image ID on success")
+	noCache := cmd.Bool([]string{"-no-cache"}, false, "Do not use cache when building the image")
+	rm := cmd.Bool([]string{"-rm"}, true, "Remove intermediate containers after a successful build")
+	forceRm := cmd.Bool([]string{"-force-rm"}, false, "Always remove intermediate containers")
+	pull := cmd.Bool([]string{"-pull"}, false, "Always attempt to pull a newer version of the image")
+	dockerfileName := cmd.String([]string{"f", "-file"}, "", "Name of the Dockerfile (Default is 'PATH/Dockerfile')")
+	flMemoryString := cmd.String([]string{"m", "-memory"}, "", "Memory limit")
+	flMemorySwap := cmd.String([]string{"-memory-swap"}, "", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap")
+	flShmSize := cmd.String([]string{"-shm-size"}, "", "Size of /dev/shm, default value is 64MB")
+	flCPUShares := cmd.Int64([]string{"#c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
+	flCPUPeriod := cmd.Int64([]string{"-cpu-period"}, 0, "Limit the CPU CFS (Completely Fair Scheduler) period")
+	flCPUQuota := cmd.Int64([]string{"-cpu-quota"}, 0, "Limit the CPU CFS (Completely Fair Scheduler) quota")
+	flCPUSetCpus := cmd.String([]string{"-cpuset-cpus"}, "", "CPUs in which to allow execution (0-3, 0,1)")
+	flCPUSetMems := cmd.String([]string{"-cpuset-mems"}, "", "MEMs in which to allow execution (0-3, 0,1)")
+	flCgroupParent := cmd.String([]string{"-cgroup-parent"}, "", "Optional parent cgroup for the container")
+	flBuildArg := opts.NewListOpts(runconfigopts.ValidateEnv)
+	cmd.Var(&flBuildArg, []string{"-build-arg"}, "Set build-time variables")
+	isolation := cmd.String([]string{"-isolation"}, "", "Container isolation technology")
+
+	flLabels := opts.NewListOpts(nil)
+	cmd.Var(&flLabels, []string{"-label"}, "Set metadata for an image")
+
+	ulimits := make(map[string]*units.Ulimit)
+	flUlimits := runconfigopts.NewUlimitOpt(&ulimits)
+	cmd.Var(flUlimits, []string{"-ulimit"}, "Ulimit options")
+
+	cmd.Require(flag.Exact, 1)
+
+	// For trusted pull on "FROM <image>" instruction.
+	addTrustedFlags(cmd, true)
+
+	cmd.ParseFlags(args, true)
+
+	var (
+		ctx io.ReadCloser
+		err error
+	)
+
+	specifiedContext := cmd.Arg(0)
+
+	var (
+		contextDir    string
+		tempDir       string
+		relDockerfile string
+		progBuff      io.Writer
+		buildBuff     io.Writer
+	)
+
+	progBuff = cli.out
+	buildBuff = cli.out
+	if *suppressOutput {
+		progBuff = bytes.NewBuffer(nil)
+		buildBuff = bytes.NewBuffer(nil)
+	}
+
+	switch {
+	case specifiedContext == "-":
+		ctx, relDockerfile, err = builder.GetContextFromReader(cli.in, *dockerfileName)
+	case urlutil.IsGitURL(specifiedContext):
+		tempDir, relDockerfile, err = builder.GetContextFromGitURL(specifiedContext, *dockerfileName)
+	case urlutil.IsURL(specifiedContext):
+		ctx, relDockerfile, err = builder.GetContextFromURL(progBuff, specifiedContext, *dockerfileName)
+	default:
+		contextDir, relDockerfile, err = builder.GetContextFromLocalDir(specifiedContext, *dockerfileName)
+	}
+
+	if err != nil {
+		if *suppressOutput && urlutil.IsURL(specifiedContext) {
+			fmt.Fprintln(cli.err, progBuff)
+		}
+		return fmt.Errorf("unable to prepare context: %s", err)
+	}
+
+	if tempDir != "" {
+		defer os.RemoveAll(tempDir)
+		contextDir = tempDir
+	}
+
+	if ctx == nil {
+		// And canonicalize dockerfile name to a platform-independent one
+		relDockerfile, err = archive.CanonicalTarNameForPath(relDockerfile)
+		if err != nil {
+			return fmt.Errorf("cannot canonicalize dockerfile path %s: %v", relDockerfile, err)
+		}
+
+		f, err := os.Open(filepath.Join(contextDir, ".dockerignore"))
+		if err != nil && !os.IsNotExist(err) {
+			return err
+		}
+
+		var excludes []string
+		if err == nil {
+			excludes, err = dockerignore.ReadAll(f)
+			if err != nil {
+				return err
+			}
+		}
+
+		if err := builder.ValidateContextDirectory(contextDir, excludes); err != nil {
+			return fmt.Errorf("Error checking context: '%s'.", err)
+		}
+
+		// If .dockerignore mentions .dockerignore or the Dockerfile
+		// then make sure we send both files over to the daemon
+		// because Dockerfile is, obviously, needed no matter what, and
+		// .dockerignore is needed to know if either one needs to be
+		// removed. The daemon will remove them for us, if needed, after it
+		// parses the Dockerfile. Ignore errors here, as they will have been
+		// caught by validateContextDirectory above.
+		var includes = []string{"."}
+		keepThem1, _ := fileutils.Matches(".dockerignore", excludes)
+		keepThem2, _ := fileutils.Matches(relDockerfile, excludes)
+		if keepThem1 || keepThem2 {
+			includes = append(includes, ".dockerignore", relDockerfile)
+		}
+
+		ctx, err = archive.TarWithOptions(contextDir, &archive.TarOptions{
+			Compression:     archive.Uncompressed,
+			ExcludePatterns: excludes,
+			IncludeFiles:    includes,
+		})
+		if err != nil {
+			return err
+		}
+	}
+
+	var resolvedTags []*resolvedTag
+	if isTrusted() {
+		// Wrap the tar archive to replace the Dockerfile entry with the rewritten
+		// Dockerfile which uses trusted pulls.
+		ctx = replaceDockerfileTarWrapper(ctx, relDockerfile, cli.trustedReference, &resolvedTags)
+	}
+
+	// Setup an upload progress bar
+	progressOutput := streamformatter.NewStreamFormatter().NewProgressOutput(progBuff, true)
+
+	var body io.Reader = progress.NewProgressReader(ctx, progressOutput, 0, "", "Sending build context to Docker daemon")
+
+	var memory int64
+	if *flMemoryString != "" {
+		parsedMemory, err := units.RAMInBytes(*flMemoryString)
+		if err != nil {
+			return err
+		}
+		memory = parsedMemory
+	}
+
+	var memorySwap int64
+	if *flMemorySwap != "" {
+		if *flMemorySwap == "-1" {
+			memorySwap = -1
+		} else {
+			parsedMemorySwap, err := units.RAMInBytes(*flMemorySwap)
+			if err != nil {
+				return err
+			}
+			memorySwap = parsedMemorySwap
+		}
+	}
+
+	var shmSize int64
+	if *flShmSize != "" {
+		shmSize, err = units.RAMInBytes(*flShmSize)
+		if err != nil {
+			return err
+		}
+	}
+
+	options := types.ImageBuildOptions{
+		Context:        body,
+		Memory:         memory,
+		MemorySwap:     memorySwap,
+		Tags:           flTags.GetAll(),
+		SuppressOutput: *suppressOutput,
+		NoCache:        *noCache,
+		Remove:         *rm,
+		ForceRemove:    *forceRm,
+		PullParent:     *pull,
+		Isolation:      container.Isolation(*isolation),
+		CPUSetCPUs:     *flCPUSetCpus,
+		CPUSetMems:     *flCPUSetMems,
+		CPUShares:      *flCPUShares,
+		CPUQuota:       *flCPUQuota,
+		CPUPeriod:      *flCPUPeriod,
+		CgroupParent:   *flCgroupParent,
+		Dockerfile:     relDockerfile,
+		ShmSize:        shmSize,
+		Ulimits:        flUlimits.GetList(),
+		BuildArgs:      runconfigopts.ConvertKVStringsToMap(flBuildArg.GetAll()),
+		AuthConfigs:    cli.retrieveAuthConfigs(),
+		Labels:         runconfigopts.ConvertKVStringsToMap(flLabels.GetAll()),
+	}
+
+	response, err := cli.client.ImageBuild(context.Background(), options)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	err = jsonmessage.DisplayJSONMessagesStream(response.Body, buildBuff, cli.outFd, cli.isTerminalOut, nil)
+	if err != nil {
+		if jerr, ok := err.(*jsonmessage.JSONError); ok {
+			// If no error code is set, default to 1
+			if jerr.Code == 0 {
+				jerr.Code = 1
+			}
+			if *suppressOutput {
+				fmt.Fprintf(cli.err, "%s%s", progBuff, buildBuff)
+			}
+			return Cli.StatusError{Status: jerr.Message, StatusCode: jerr.Code}
+		}
+	}
+
+	// Windows: show error message about modified file permissions if the
+	// daemon isn't running Windows.
+	if response.OSType != "windows" && runtime.GOOS == "windows" {
+		fmt.Fprintln(cli.err, `SECURITY WARNING: You are building a Docker image from Windows against a non-Windows Docker host. All files and directories added to build context will have '-rwxr-xr-x' permissions. It is recommended to double check and reset permissions for sensitive files and directories.`)
+	}
+
+	// Everything worked so if -q was provided the output from the daemon
+	// should be just the image ID and we'll print that to stdout.
+	if *suppressOutput {
+		fmt.Fprintf(cli.out, "%s", buildBuff)
+	}
+
+	if isTrusted() {
+		// Since the build was successful, now we must tag any of the resolved
+		// images from the above Dockerfile rewrite.
+		for _, resolved := range resolvedTags {
+			if err := cli.tagTrusted(resolved.digestRef, resolved.tagRef); err != nil {
+				return err
+			}
+		}
+	}
+
+	return nil
+}
+
+// validateTag checks if the given image name can be resolved.
+func validateTag(rawRepo string) (string, error) {
+	_, err := reference.ParseNamed(rawRepo)
+	if err != nil {
+		return "", err
+	}
+
+	return rawRepo, nil
+}
+
+var dockerfileFromLinePattern = regexp.MustCompile(`(?i)^[\s]*FROM[ \f\r\t\v]+(?P<image>[^ \f\r\t\v\n#]+)`)
+
+// resolvedTag records the repository, tag, and resolved digest reference
+// from a Dockerfile rewrite.
+type resolvedTag struct {
+	digestRef reference.Canonical
+	tagRef    reference.NamedTagged
+}
+
+// rewriteDockerfileFrom rewrites the given Dockerfile by resolving images in
+// "FROM <image>" instructions to a digest reference. `translator` is a
+// function that takes a repository name and tag reference and returns a
+// trusted digest reference.
+func rewriteDockerfileFrom(dockerfile io.Reader, translator translatorFunc) (newDockerfile []byte, resolvedTags []*resolvedTag, err error) {
+	scanner := bufio.NewScanner(dockerfile)
+	buf := bytes.NewBuffer(nil)
+
+	// Scan the lines of the Dockerfile, looking for a "FROM" line.
+	for scanner.Scan() {
+		line := scanner.Text()
+
+		matches := dockerfileFromLinePattern.FindStringSubmatch(line)
+		if matches != nil && matches[1] != api.NoBaseImageSpecifier {
+			// Replace the line with a resolved "FROM repo@digest"
+			ref, err := reference.ParseNamed(matches[1])
+			if err != nil {
+				return nil, nil, err
+			}
+			ref = reference.WithDefaultTag(ref)
+			if ref, ok := ref.(reference.NamedTagged); ok && isTrusted() {
+				trustedRef, err := translator(ref)
+				if err != nil {
+					return nil, nil, err
+				}
+
+				line = dockerfileFromLinePattern.ReplaceAllLiteralString(line, fmt.Sprintf("FROM %s", trustedRef.String()))
+				resolvedTags = append(resolvedTags, &resolvedTag{
+					digestRef: trustedRef,
+					tagRef:    ref,
+				})
+			}
+		}
+
+		_, err := fmt.Fprintln(buf, line)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
+	return buf.Bytes(), resolvedTags, scanner.Err()
+}
+
+// replaceDockerfileTarWrapper wraps the given input tar archive stream and
+// replaces the entry with the given Dockerfile name with the contents of the
+// new Dockerfile. Returns a new tar archive stream with the replaced
+// Dockerfile.
+func replaceDockerfileTarWrapper(inputTarStream io.ReadCloser, dockerfileName string, translator translatorFunc, resolvedTags *[]*resolvedTag) io.ReadCloser {
+	pipeReader, pipeWriter := io.Pipe()
+	go func() {
+		tarReader := tar.NewReader(inputTarStream)
+		tarWriter := tar.NewWriter(pipeWriter)
+
+		defer inputTarStream.Close()
+
+		for {
+			hdr, err := tarReader.Next()
+			if err == io.EOF {
+				// Signals end of archive.
+				tarWriter.Close()
+				pipeWriter.Close()
+				return
+			}
+			if err != nil {
+				pipeWriter.CloseWithError(err)
+				return
+			}
+
+			var content io.Reader = tarReader
+			if hdr.Name == dockerfileName {
+				// This entry is the Dockerfile. Since the tar archive was
+				// generated from a directory on the local filesystem, the
+				// Dockerfile will only appear once in the archive.
+				var newDockerfile []byte
+				newDockerfile, *resolvedTags, err = rewriteDockerfileFrom(content, translator)
+				if err != nil {
+					pipeWriter.CloseWithError(err)
+					return
+				}
+				hdr.Size = int64(len(newDockerfile))
+				content = bytes.NewBuffer(newDockerfile)
+			}
+
+			if err := tarWriter.WriteHeader(hdr); err != nil {
+				pipeWriter.CloseWithError(err)
+				return
+			}
+
+			if _, err := io.Copy(tarWriter, content); err != nil {
+				pipeWriter.CloseWithError(err)
+				return
+			}
+		}
+	}()
+
+	return pipeReader
+}
--- a/api/client/cli.go
+++ b/api/client/cli.go
@@ -0,0 +1,215 @@
+package client
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"runtime"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/cli"
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/cliconfig/credentials"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/engine-api/client"
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
+)
+
+// DockerCli represents the docker command line client.
+// Instances of the client can be returned from NewDockerCli.
+type DockerCli struct {
+	// initializing closure
+	init func() error
+
+	// configFile has the client configuration file
+	configFile *cliconfig.ConfigFile
+	// in holds the input stream and closer (io.ReadCloser) for the client.
+	in io.ReadCloser
+	// out holds the output stream (io.Writer) for the client.
+	out io.Writer
+	// err holds the error stream (io.Writer) for the client.
+	err io.Writer
+	// keyFile holds the key file as a string.
+	keyFile string
+	// inFd holds the file descriptor of the client's STDIN (if valid).
+	inFd uintptr
+	// outFd holds file descriptor of the client's STDOUT (if valid).
+	outFd uintptr
+	// isTerminalIn indicates whether the client's STDIN is a TTY
+	isTerminalIn bool
+	// isTerminalOut indicates whether the client's STDOUT is a TTY
+	isTerminalOut bool
+	// client is the http client that performs all API operations
+	client client.APIClient
+	// state holds the terminal state
+	state *term.State
+}
+
+// Initialize calls the init function that will setup the configuration for the client
+// such as the TLS, tcp and other parameters used to run the client.
+func (cli *DockerCli) Initialize() error {
+	if cli.init == nil {
+		return nil
+	}
+	return cli.init()
+}
+
+// CheckTtyInput checks if we are trying to attach to a container tty
+// from a non-tty client input stream, and if so, returns an error.
+func (cli *DockerCli) CheckTtyInput(attachStdin, ttyMode bool) error {
+	// In order to attach to a container tty, input stream for the client must
+	// be a tty itself: redirecting or piping the client standard input is
+	// incompatible with `docker run -t`, `docker exec -t` or `docker attach`.
+	if ttyMode && attachStdin && !cli.isTerminalIn {
+		return errors.New("cannot enable tty mode on non tty input")
+	}
+	return nil
+}
+
+// PsFormat returns the format string specified in the configuration.
+// String contains columns and format specification, for example {{ID}}\t{{Name}}.
+func (cli *DockerCli) PsFormat() string {
+	return cli.configFile.PsFormat
+}
+
+// ImagesFormat returns the format string specified in the configuration.
+// String contains columns and format specification, for example {{ID}}\t{{Name}}.
+func (cli *DockerCli) ImagesFormat() string {
+	return cli.configFile.ImagesFormat
+}
+
+func (cli *DockerCli) setRawTerminal() error {
+	if cli.isTerminalIn && os.Getenv("NORAW") == "" {
+		state, err := term.SetRawTerminal(cli.inFd)
+		if err != nil {
+			return err
+		}
+		cli.state = state
+	}
+	return nil
+}
+
+func (cli *DockerCli) restoreTerminal(in io.Closer) error {
+	if cli.state != nil {
+		term.RestoreTerminal(cli.inFd, cli.state)
+	}
+	// WARNING: DO NOT REMOVE THE OS CHECK !!!
+	// For some reason this Close call blocks on darwin..
+	// As the client exists right after, simply discard the close
+	// until we find a better solution.
+	if in != nil && runtime.GOOS != "darwin" {
+		return in.Close()
+	}
+	return nil
+}
+
+// NewDockerCli returns a DockerCli instance with IO output and error streams set by in, out and err.
+// The key file, protocol (i.e. unix) and address are passed in as strings, along with the tls.Config. If the tls.Config
+// is set the client scheme will be set to https.
+// The client will be given a 32-second timeout (see https://github.com/docker/docker/pull/8035).
+func NewDockerCli(in io.ReadCloser, out, err io.Writer, clientFlags *cli.ClientFlags) *DockerCli {
+	cli := &DockerCli{
+		in:      in,
+		out:     out,
+		err:     err,
+		keyFile: clientFlags.Common.TrustKey,
+	}
+
+	cli.init = func() error {
+		clientFlags.PostParse()
+		configFile, e := cliconfig.Load(cliconfig.ConfigDir())
+		if e != nil {
+			fmt.Fprintf(cli.err, "WARNING: Error loading config file:%v\n", e)
+		}
+		if !configFile.ContainsAuth() {
+			credentials.DetectDefaultStore(configFile)
+		}
+		cli.configFile = configFile
+
+		host, err := getServerHost(clientFlags.Common.Hosts, clientFlags.Common.TLSOptions)
+		if err != nil {
+			return err
+		}
+
+		customHeaders := cli.configFile.HTTPHeaders
+		if customHeaders == nil {
+			customHeaders = map[string]string{}
+		}
+		customHeaders["User-Agent"] = clientUserAgent()
+
+		verStr := api.DefaultVersion.String()
+		if tmpStr := os.Getenv("DOCKER_API_VERSION"); tmpStr != "" {
+			verStr = tmpStr
+		}
+
+		httpClient, err := newHTTPClient(host, clientFlags.Common.TLSOptions)
+		if err != nil {
+			return err
+		}
+
+		client, err := client.NewClient(host, verStr, httpClient, customHeaders)
+		if err != nil {
+			return err
+		}
+		cli.client = client
+
+		if cli.in != nil {
+			cli.inFd, cli.isTerminalIn = term.GetFdInfo(cli.in)
+		}
+		if cli.out != nil {
+			cli.outFd, cli.isTerminalOut = term.GetFdInfo(cli.out)
+		}
+
+		return nil
+	}
+
+	return cli
+}
+
+func getServerHost(hosts []string, tlsOptions *tlsconfig.Options) (host string, err error) {
+	switch len(hosts) {
+	case 0:
+		host = os.Getenv("DOCKER_HOST")
+	case 1:
+		host = hosts[0]
+	default:
+		return "", errors.New("Please specify only one -H")
+	}
+
+	host, err = opts.ParseHost(tlsOptions != nil, host)
+	return
+}
+
+func newHTTPClient(host string, tlsOptions *tlsconfig.Options) (*http.Client, error) {
+	if tlsOptions == nil {
+		// let the api client configure the default transport.
+		return nil, nil
+	}
+
+	config, err := tlsconfig.Client(*tlsOptions)
+	if err != nil {
+		return nil, err
+	}
+	tr := &http.Transport{
+		TLSClientConfig: config,
+	}
+	proto, addr, _, err := client.ParseHost(host)
+	if err != nil {
+		return nil, err
+	}
+
+	sockets.ConfigureTransport(tr, proto, addr)
+
+	return &http.Client{
+		Transport: tr,
+	}, nil
+}
+
+func clientUserAgent() string {
+	return "Docker-Client/" + dockerversion.Version + " (" + runtime.GOOS + ")"
+}
--- a/api/client/client.go
+++ b/api/client/client.go
@@ -0,0 +1,5 @@
+// Package client provides a command-line interface for Docker.
+//
+// Run "docker help SUBCOMMAND" or "docker SUBCOMMAND --help" to see more information on any Docker subcommand, including the full list of options supported for the subcommand.
+// See https://docs.docker.com/installation/ for instructions on installing Docker.
+package client
--- a/api/client/commit.go
+++ b/api/client/commit.go
@@ -0,0 +1,85 @@
+package client
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/reference"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/container"
+)
+
+// CmdCommit creates a new image from a container's changes.
+//
+// Usage: docker commit [OPTIONS] CONTAINER [REPOSITORY[:TAG]]
+func (cli *DockerCli) CmdCommit(args ...string) error {
+	cmd := Cli.Subcmd("commit", []string{"CONTAINER [REPOSITORY[:TAG]]"}, Cli.DockerCommands["commit"].Description, true)
+	flPause := cmd.Bool([]string{"p", "-pause"}, true, "Pause container during commit")
+	flComment := cmd.String([]string{"m", "-message"}, "", "Commit message")
+	flAuthor := cmd.String([]string{"a", "-author"}, "", "Author (e.g., \"John Hannibal Smith <hannibal@a-team.com>\")")
+	flChanges := opts.NewListOpts(nil)
+	cmd.Var(&flChanges, []string{"c", "-change"}, "Apply Dockerfile instruction to the created image")
+	// FIXME: --run is deprecated, it will be replaced with inline Dockerfile commands.
+	flConfig := cmd.String([]string{"#-run"}, "", "This option is deprecated and will be removed in a future version in favor of inline Dockerfile-compatible commands")
+	cmd.Require(flag.Max, 2)
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var (
+		name             = cmd.Arg(0)
+		repositoryAndTag = cmd.Arg(1)
+		repositoryName   string
+		tag              string
+	)
+
+	//Check if the given image name can be resolved
+	if repositoryAndTag != "" {
+		ref, err := reference.ParseNamed(repositoryAndTag)
+		if err != nil {
+			return err
+		}
+
+		repositoryName = ref.Name()
+
+		switch x := ref.(type) {
+		case reference.Canonical:
+			return errors.New("cannot commit to digest reference")
+		case reference.NamedTagged:
+			tag = x.Tag()
+		}
+	}
+
+	var config *container.Config
+	if *flConfig != "" {
+		config = &container.Config{}
+		if err := json.Unmarshal([]byte(*flConfig), config); err != nil {
+			return err
+		}
+	}
+
+	options := types.ContainerCommitOptions{
+		ContainerID:    name,
+		RepositoryName: repositoryName,
+		Tag:            tag,
+		Comment:        *flComment,
+		Author:         *flAuthor,
+		Changes:        flChanges.GetAll(),
+		Pause:          *flPause,
+		Config:         config,
+	}
+
+	response, err := cli.client.ContainerCommit(context.Background(), options)
+	if err != nil {
+		return err
+	}
+
+	fmt.Fprintln(cli.out, response.ID)
+	return nil
+}
--- a/api/client/cp.go
+++ b/api/client/cp.go
@@ -0,0 +1,298 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/archive"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/system"
+	"github.com/docker/engine-api/types"
+)
+
+type copyDirection int
+
+const (
+	fromContainer copyDirection = (1 << iota)
+	toContainer
+	acrossContainers = fromContainer | toContainer
+)
+
+type cpConfig struct {
+	followLink bool
+}
+
+// CmdCp copies files/folders to or from a path in a container.
+//
+// When copying from a container, if DEST_PATH is '-' the data is written as a
+// tar archive file to STDOUT.
+//
+// When copying to a container, if SRC_PATH is '-' the data is read as a tar
+// archive file from STDIN, and the destination CONTAINER:DEST_PATH, must specify
+// a directory.
+//
+// Usage:
+// 	docker cp CONTAINER:SRC_PATH DEST_PATH|-
+// 	docker cp SRC_PATH|- CONTAINER:DEST_PATH
+func (cli *DockerCli) CmdCp(args ...string) error {
+	cmd := Cli.Subcmd(
+		"cp",
+		[]string{"CONTAINER:SRC_PATH DEST_PATH|-", "SRC_PATH|- CONTAINER:DEST_PATH"},
+		strings.Join([]string{
+			Cli.DockerCommands["cp"].Description,
+			"\nUse '-' as the source to read a tar archive from stdin\n",
+			"and extract it to a directory destination in a container.\n",
+			"Use '-' as the destination to stream a tar archive of a\n",
+			"container source to stdout.",
+		}, ""),
+		true,
+	)
+
+	followLink := cmd.Bool([]string{"L", "-follow-link"}, false, "Always follow symbol link in SRC_PATH")
+
+	cmd.Require(flag.Exact, 2)
+	cmd.ParseFlags(args, true)
+
+	if cmd.Arg(0) == "" {
+		return fmt.Errorf("source can not be empty")
+	}
+	if cmd.Arg(1) == "" {
+		return fmt.Errorf("destination can not be empty")
+	}
+
+	srcContainer, srcPath := splitCpArg(cmd.Arg(0))
+	dstContainer, dstPath := splitCpArg(cmd.Arg(1))
+
+	var direction copyDirection
+	if srcContainer != "" {
+		direction |= fromContainer
+	}
+	if dstContainer != "" {
+		direction |= toContainer
+	}
+
+	cpParam := &cpConfig{
+		followLink: *followLink,
+	}
+
+	switch direction {
+	case fromContainer:
+		return cli.copyFromContainer(srcContainer, srcPath, dstPath, cpParam)
+	case toContainer:
+		return cli.copyToContainer(srcPath, dstContainer, dstPath, cpParam)
+	case acrossContainers:
+		// Copying between containers isn't supported.
+		return fmt.Errorf("copying between containers is not supported")
+	default:
+		// User didn't specify any container.
+		return fmt.Errorf("must specify at least one container source")
+	}
+}
+
+// We use `:` as a delimiter between CONTAINER and PATH, but `:` could also be
+// in a valid LOCALPATH, like `file:name.txt`. We can resolve this ambiguity by
+// requiring a LOCALPATH with a `:` to be made explicit with a relative or
+// absolute path:
+// 	`/path/to/file:name.txt` or `./file:name.txt`
+//
+// This is apparently how `scp` handles this as well:
+// 	http://www.cyberciti.biz/faq/rsync-scp-file-name-with-colon-punctuation-in-it/
+//
+// We can't simply check for a filepath separator because container names may
+// have a separator, e.g., "host0/cname1" if container is in a Docker cluster,
+// so we have to check for a `/` or `.` prefix. Also, in the case of a Windows
+// client, a `:` could be part of an absolute Windows path, in which case it
+// is immediately proceeded by a backslash.
+func splitCpArg(arg string) (container, path string) {
+	if system.IsAbs(arg) {
+		// Explicit local absolute path, e.g., `C:\foo` or `/foo`.
+		return "", arg
+	}
+
+	parts := strings.SplitN(arg, ":", 2)
+
+	if len(parts) == 1 || strings.HasPrefix(parts[0], ".") {
+		// Either there's no `:` in the arg
+		// OR it's an explicit local relative path like `./file:name.txt`.
+		return "", arg
+	}
+
+	return parts[0], parts[1]
+}
+
+func (cli *DockerCli) statContainerPath(containerName, path string) (types.ContainerPathStat, error) {
+	return cli.client.ContainerStatPath(context.Background(), containerName, path)
+}
+
+func resolveLocalPath(localPath string) (absPath string, err error) {
+	if absPath, err = filepath.Abs(localPath); err != nil {
+		return
+	}
+
+	return archive.PreserveTrailingDotOrSeparator(absPath, localPath), nil
+}
+
+func (cli *DockerCli) copyFromContainer(srcContainer, srcPath, dstPath string, cpParam *cpConfig) (err error) {
+	if dstPath != "-" {
+		// Get an absolute destination path.
+		dstPath, err = resolveLocalPath(dstPath)
+		if err != nil {
+			return err
+		}
+	}
+
+	// if client requests to follow symbol link, then must decide target file to be copied
+	var rebaseName string
+	if cpParam.followLink {
+		srcStat, err := cli.statContainerPath(srcContainer, srcPath)
+
+		// If the destination is a symbolic link, we should follow it.
+		if err == nil && srcStat.Mode&os.ModeSymlink != 0 {
+			linkTarget := srcStat.LinkTarget
+			if !system.IsAbs(linkTarget) {
+				// Join with the parent directory.
+				srcParent, _ := archive.SplitPathDirEntry(srcPath)
+				linkTarget = filepath.Join(srcParent, linkTarget)
+			}
+
+			linkTarget, rebaseName = archive.GetRebaseName(srcPath, linkTarget)
+			srcPath = linkTarget
+		}
+
+	}
+
+	content, stat, err := cli.client.CopyFromContainer(context.Background(), srcContainer, srcPath)
+	if err != nil {
+		return err
+	}
+	defer content.Close()
+
+	if dstPath == "-" {
+		// Send the response to STDOUT.
+		_, err = io.Copy(os.Stdout, content)
+
+		return err
+	}
+
+	// Prepare source copy info.
+	srcInfo := archive.CopyInfo{
+		Path:       srcPath,
+		Exists:     true,
+		IsDir:      stat.Mode.IsDir(),
+		RebaseName: rebaseName,
+	}
+
+	preArchive := content
+	if len(srcInfo.RebaseName) != 0 {
+		_, srcBase := archive.SplitPathDirEntry(srcInfo.Path)
+		preArchive = archive.RebaseArchiveEntries(content, srcBase, srcInfo.RebaseName)
+	}
+	// See comments in the implementation of `archive.CopyTo` for exactly what
+	// goes into deciding how and whether the source archive needs to be
+	// altered for the correct copy behavior.
+	return archive.CopyTo(preArchive, srcInfo, dstPath)
+}
+
+func (cli *DockerCli) copyToContainer(srcPath, dstContainer, dstPath string, cpParam *cpConfig) (err error) {
+	if srcPath != "-" {
+		// Get an absolute source path.
+		srcPath, err = resolveLocalPath(srcPath)
+		if err != nil {
+			return err
+		}
+	}
+
+	// In order to get the copy behavior right, we need to know information
+	// about both the source and destination. The API is a simple tar
+	// archive/extract API but we can use the stat info header about the
+	// destination to be more informed about exactly what the destination is.
+
+	// Prepare destination copy info by stat-ing the container path.
+	dstInfo := archive.CopyInfo{Path: dstPath}
+	dstStat, err := cli.statContainerPath(dstContainer, dstPath)
+
+	// If the destination is a symbolic link, we should evaluate it.
+	if err == nil && dstStat.Mode&os.ModeSymlink != 0 {
+		linkTarget := dstStat.LinkTarget
+		if !system.IsAbs(linkTarget) {
+			// Join with the parent directory.
+			dstParent, _ := archive.SplitPathDirEntry(dstPath)
+			linkTarget = filepath.Join(dstParent, linkTarget)
+		}
+
+		dstInfo.Path = linkTarget
+		dstStat, err = cli.statContainerPath(dstContainer, linkTarget)
+	}
+
+	// Ignore any error and assume that the parent directory of the destination
+	// path exists, in which case the copy may still succeed. If there is any
+	// type of conflict (e.g., non-directory overwriting an existing directory
+	// or vice versa) the extraction will fail. If the destination simply did
+	// not exist, but the parent directory does, the extraction will still
+	// succeed.
+	if err == nil {
+		dstInfo.Exists, dstInfo.IsDir = true, dstStat.Mode.IsDir()
+	}
+
+	var (
+		content         io.Reader
+		resolvedDstPath string
+	)
+
+	if srcPath == "-" {
+		// Use STDIN.
+		content = os.Stdin
+		resolvedDstPath = dstInfo.Path
+		if !dstInfo.IsDir {
+			return fmt.Errorf("destination %q must be a directory", fmt.Sprintf("%s:%s", dstContainer, dstPath))
+		}
+	} else {
+		// Prepare source copy info.
+		srcInfo, err := archive.CopyInfoSourcePath(srcPath, cpParam.followLink)
+		if err != nil {
+			return err
+		}
+
+		srcArchive, err := archive.TarResource(srcInfo)
+		if err != nil {
+			return err
+		}
+		defer srcArchive.Close()
+
+		// With the stat info about the local source as well as the
+		// destination, we have enough information to know whether we need to
+		// alter the archive that we upload so that when the server extracts
+		// it to the specified directory in the container we get the desired
+		// copy behavior.
+
+		// See comments in the implementation of `archive.PrepareArchiveCopy`
+		// for exactly what goes into deciding how and whether the source
+		// archive needs to be altered for the correct copy behavior when it is
+		// extracted. This function also infers from the source and destination
+		// info which directory to extract to, which may be the parent of the
+		// destination that the user specified.
+		dstDir, preparedArchive, err := archive.PrepareArchiveCopy(srcArchive, srcInfo, dstInfo)
+		if err != nil {
+			return err
+		}
+		defer preparedArchive.Close()
+
+		resolvedDstPath = dstDir
+		content = preparedArchive
+	}
+
+	options := types.CopyToContainerOptions{
+		ContainerID:               dstContainer,
+		Path:                      resolvedDstPath,
+		Content:                   content,
+		AllowOverwriteDirWithFile: false,
+	}
+
+	return cli.client.CopyToContainer(context.Background(), options)
+}
--- a/api/client/create.go
+++ b/api/client/create.go
@@ -0,0 +1,180 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"os"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/jsonmessage"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/engine-api/client"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/container"
+	networktypes "github.com/docker/engine-api/types/network"
+)
+
+func (cli *DockerCli) pullImage(image string) error {
+	return cli.pullImageCustomOut(image, cli.out)
+}
+
+func (cli *DockerCli) pullImageCustomOut(image string, out io.Writer) error {
+	ref, err := reference.ParseNamed(image)
+	if err != nil {
+		return err
+	}
+
+	var tag string
+	switch x := reference.WithDefaultTag(ref).(type) {
+	case reference.Canonical:
+		tag = x.Digest().String()
+	case reference.NamedTagged:
+		tag = x.Tag()
+	}
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
+	if err != nil {
+		return err
+	}
+
+	authConfig := cli.resolveAuthConfig(repoInfo.Index)
+	encodedAuth, err := encodeAuthToBase64(authConfig)
+	if err != nil {
+		return err
+	}
+
+	options := types.ImageCreateOptions{
+		Parent:       ref.Name(),
+		Tag:          tag,
+		RegistryAuth: encodedAuth,
+	}
+
+	responseBody, err := cli.client.ImageCreate(context.Background(), options)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	return jsonmessage.DisplayJSONMessagesStream(responseBody, out, cli.outFd, cli.isTerminalOut, nil)
+}
+
+type cidFile struct {
+	path    string
+	file    *os.File
+	written bool
+}
+
+func newCIDFile(path string) (*cidFile, error) {
+	if _, err := os.Stat(path); err == nil {
+		return nil, fmt.Errorf("Container ID file found, make sure the other container isn't running or delete %s", path)
+	}
+
+	f, err := os.Create(path)
+	if err != nil {
+		return nil, fmt.Errorf("Failed to create the container ID file: %s", err)
+	}
+
+	return &cidFile{path: path, file: f}, nil
+}
+
+func (cli *DockerCli) createContainer(config *container.Config, hostConfig *container.HostConfig, networkingConfig *networktypes.NetworkingConfig, cidfile, name string) (*types.ContainerCreateResponse, error) {
+	var containerIDFile *cidFile
+	if cidfile != "" {
+		var err error
+		if containerIDFile, err = newCIDFile(cidfile); err != nil {
+			return nil, err
+		}
+		defer containerIDFile.Close()
+	}
+
+	var trustedRef reference.Canonical
+	_, ref, err := reference.ParseIDOrReference(config.Image)
+	if err != nil {
+		return nil, err
+	}
+	if ref != nil {
+		ref = reference.WithDefaultTag(ref)
+
+		if ref, ok := ref.(reference.NamedTagged); ok && isTrusted() {
+			var err error
+			trustedRef, err = cli.trustedReference(ref)
+			if err != nil {
+				return nil, err
+			}
+			config.Image = trustedRef.String()
+		}
+	}
+
+	//create the container
+	response, err := cli.client.ContainerCreate(context.Background(), config, hostConfig, networkingConfig, name)
+
+	//if image not found try to pull it
+	if err != nil {
+		if client.IsErrImageNotFound(err) && ref != nil {
+			fmt.Fprintf(cli.err, "Unable to find image '%s' locally\n", ref.String())
+
+			// we don't want to write to stdout anything apart from container.ID
+			if err = cli.pullImageCustomOut(config.Image, cli.err); err != nil {
+				return nil, err
+			}
+			if ref, ok := ref.(reference.NamedTagged); ok && trustedRef != nil {
+				if err := cli.tagTrusted(trustedRef, ref); err != nil {
+					return nil, err
+				}
+			}
+			// Retry
+			var retryErr error
+			response, retryErr = cli.client.ContainerCreate(context.Background(), config, hostConfig, networkingConfig, name)
+			if retryErr != nil {
+				return nil, retryErr
+			}
+		} else {
+			return nil, err
+		}
+	}
+
+	for _, warning := range response.Warnings {
+		fmt.Fprintf(cli.err, "WARNING: %s\n", warning)
+	}
+	if containerIDFile != nil {
+		if err = containerIDFile.Write(response.ID); err != nil {
+			return nil, err
+		}
+	}
+	return &response, nil
+}
+
+// CmdCreate creates a new container from a given image.
+//
+// Usage: docker create [OPTIONS] IMAGE [COMMAND] [ARG...]
+func (cli *DockerCli) CmdCreate(args ...string) error {
+	cmd := Cli.Subcmd("create", []string{"IMAGE [COMMAND] [ARG...]"}, Cli.DockerCommands["create"].Description, true)
+	addTrustedFlags(cmd, true)
+
+	// These are flags not stored in Config/HostConfig
+	var (
+		flName = cmd.String([]string{"-name"}, "", "Assign a name to the container")
+	)
+
+	config, hostConfig, networkingConfig, cmd, err := runconfigopts.Parse(cmd, args)
+
+	if err != nil {
+		cmd.ReportError(err.Error(), true)
+		os.Exit(1)
+	}
+	if config.Image == "" {
+		cmd.Usage()
+		return nil
+	}
+	response, err := cli.createContainer(config, hostConfig, networkingConfig, hostConfig.ContainerIDFile, *flName)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(cli.out, "%s\n", response.ID)
+	return nil
+}
--- a/api/client/diff.go
+++ b/api/client/diff.go
@@ -0,0 +1,49 @@
+package client
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/archive"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdDiff shows changes on a container's filesystem.
+//
+// Each changed file is printed on a separate line, prefixed with a single
+// character that indicates the status of the file: C (modified), A (added),
+// or D (deleted).
+//
+// Usage: docker diff CONTAINER
+func (cli *DockerCli) CmdDiff(args ...string) error {
+	cmd := Cli.Subcmd("diff", []string{"CONTAINER"}, Cli.DockerCommands["diff"].Description, true)
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+
+	if cmd.Arg(0) == "" {
+		return fmt.Errorf("Container name cannot be empty")
+	}
+
+	changes, err := cli.client.ContainerDiff(context.Background(), cmd.Arg(0))
+	if err != nil {
+		return err
+	}
+
+	for _, change := range changes {
+		var kind string
+		switch change.Kind {
+		case archive.ChangeModify:
+			kind = "C"
+		case archive.ChangeAdd:
+			kind = "A"
+		case archive.ChangeDelete:
+			kind = "D"
+		}
+		fmt.Fprintf(cli.out, "%s %s\n", kind, change.Path)
+	}
+
+	return nil
+}
--- a/api/client/events.go
+++ b/api/client/events.go
@@ -0,0 +1,146 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"sort"
+	"strings"
+	"sync"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/jsonlog"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/engine-api/types"
+	eventtypes "github.com/docker/engine-api/types/events"
+	"github.com/docker/engine-api/types/filters"
+)
+
+// CmdEvents prints a live stream of real time events from the server.
+//
+// Usage: docker events [OPTIONS]
+func (cli *DockerCli) CmdEvents(args ...string) error {
+	cmd := Cli.Subcmd("events", nil, Cli.DockerCommands["events"].Description, true)
+	since := cmd.String([]string{"-since"}, "", "Show all events created since timestamp")
+	until := cmd.String([]string{"-until"}, "", "Stream events until this timestamp")
+	flFilter := opts.NewListOpts(nil)
+	cmd.Var(&flFilter, []string{"f", "-filter"}, "Filter output based on conditions provided")
+	cmd.Require(flag.Exact, 0)
+
+	cmd.ParseFlags(args, true)
+
+	eventFilterArgs := filters.NewArgs()
+
+	// Consolidate all filter flags, and sanity check them early.
+	// They'll get process in the daemon/server.
+	for _, f := range flFilter.GetAll() {
+		var err error
+		eventFilterArgs, err = filters.ParseFlag(f, eventFilterArgs)
+		if err != nil {
+			return err
+		}
+	}
+
+	options := types.EventsOptions{
+		Since:   *since,
+		Until:   *until,
+		Filters: eventFilterArgs,
+	}
+
+	responseBody, err := cli.client.Events(context.Background(), options)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	return streamEvents(responseBody, cli.out)
+}
+
+// streamEvents decodes prints the incoming events in the provided output.
+func streamEvents(input io.Reader, output io.Writer) error {
+	return decodeEvents(input, func(event eventtypes.Message, err error) error {
+		if err != nil {
+			return err
+		}
+		printOutput(event, output)
+		return nil
+	})
+}
+
+type eventProcessor func(event eventtypes.Message, err error) error
+
+func decodeEvents(input io.Reader, ep eventProcessor) error {
+	dec := json.NewDecoder(input)
+	for {
+		var event eventtypes.Message
+		err := dec.Decode(&event)
+		if err != nil && err == io.EOF {
+			break
+		}
+
+		if procErr := ep(event, err); procErr != nil {
+			return procErr
+		}
+	}
+	return nil
+}
+
+// printOutput prints all types of event information.
+// Each output includes the event type, actor id, name and action.
+// Actor attributes are printed at the end if the actor has any.
+func printOutput(event eventtypes.Message, output io.Writer) {
+	if event.TimeNano != 0 {
+		fmt.Fprintf(output, "%s ", time.Unix(0, event.TimeNano).Format(jsonlog.RFC3339NanoFixed))
+	} else if event.Time != 0 {
+		fmt.Fprintf(output, "%s ", time.Unix(event.Time, 0).Format(jsonlog.RFC3339NanoFixed))
+	}
+
+	fmt.Fprintf(output, "%s %s %s", event.Type, event.Action, event.Actor.ID)
+
+	if len(event.Actor.Attributes) > 0 {
+		var attrs []string
+		var keys []string
+		for k := range event.Actor.Attributes {
+			keys = append(keys, k)
+		}
+		sort.Strings(keys)
+		for _, k := range keys {
+			v := event.Actor.Attributes[k]
+			attrs = append(attrs, fmt.Sprintf("%s=%s", k, v))
+		}
+		fmt.Fprintf(output, " (%s)", strings.Join(attrs, ", "))
+	}
+	fmt.Fprint(output, "\n")
+}
+
+type eventHandler struct {
+	handlers map[string]func(eventtypes.Message)
+	mu       sync.Mutex
+}
+
+func (w *eventHandler) Handle(action string, h func(eventtypes.Message)) {
+	w.mu.Lock()
+	w.handlers[action] = h
+	w.mu.Unlock()
+}
+
+// Watch ranges over the passed in event chan and processes the events based on the
+// handlers created for a given action.
+// To stop watching, close the event chan.
+func (w *eventHandler) Watch(c <-chan eventtypes.Message) {
+	for e := range c {
+		w.mu.Lock()
+		h, exists := w.handlers[e.Action]
+		w.mu.Unlock()
+		if !exists {
+			continue
+		}
+		logrus.Debugf("event handler: received event: %v", e)
+		go h(e)
+	}
+}
--- a/api/client/exec.go
+++ b/api/client/exec.go
@@ -0,0 +1,166 @@
+package client
+
+import (
+	"fmt"
+	"io"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/promise"
+	"github.com/docker/engine-api/types"
+)
+
+// CmdExec runs a command in a running container.
+//
+// Usage: docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
+func (cli *DockerCli) CmdExec(args ...string) error {
+	cmd := Cli.Subcmd("exec", []string{"CONTAINER COMMAND [ARG...]"}, Cli.DockerCommands["exec"].Description, true)
+	detachKeys := cmd.String([]string{"-detach-keys"}, "", "Override the key sequence for detaching a container")
+
+	execConfig, err := ParseExec(cmd, args)
+	// just in case the ParseExec does not exit
+	if execConfig.Container == "" || err != nil {
+		return Cli.StatusError{StatusCode: 1}
+	}
+
+	if *detachKeys != "" {
+		cli.configFile.DetachKeys = *detachKeys
+	}
+
+	// Send client escape keys
+	execConfig.DetachKeys = cli.configFile.DetachKeys
+
+	response, err := cli.client.ContainerExecCreate(context.Background(), *execConfig)
+	if err != nil {
+		return err
+	}
+
+	execID := response.ID
+	if execID == "" {
+		fmt.Fprintf(cli.out, "exec ID empty")
+		return nil
+	}
+
+	//Temp struct for execStart so that we don't need to transfer all the execConfig
+	if !execConfig.Detach {
+		if err := cli.CheckTtyInput(execConfig.AttachStdin, execConfig.Tty); err != nil {
+			return err
+		}
+	} else {
+		execStartCheck := types.ExecStartCheck{
+			Detach: execConfig.Detach,
+			Tty:    execConfig.Tty,
+		}
+
+		if err := cli.client.ContainerExecStart(context.Background(), execID, execStartCheck); err != nil {
+			return err
+		}
+		// For now don't print this - wait for when we support exec wait()
+		// fmt.Fprintf(cli.out, "%s\n", execID)
+		return nil
+	}
+
+	// Interactive exec requested.
+	var (
+		out, stderr io.Writer
+		in          io.ReadCloser
+		errCh       chan error
+	)
+
+	if execConfig.AttachStdin {
+		in = cli.in
+	}
+	if execConfig.AttachStdout {
+		out = cli.out
+	}
+	if execConfig.AttachStderr {
+		if execConfig.Tty {
+			stderr = cli.out
+		} else {
+			stderr = cli.err
+		}
+	}
+
+	resp, err := cli.client.ContainerExecAttach(context.Background(), execID, *execConfig)
+	if err != nil {
+		return err
+	}
+	defer resp.Close()
+	if in != nil && execConfig.Tty {
+		if err := cli.setRawTerminal(); err != nil {
+			return err
+		}
+		defer cli.restoreTerminal(in)
+	}
+	errCh = promise.Go(func() error {
+		return cli.holdHijackedConnection(execConfig.Tty, in, out, stderr, resp)
+	})
+
+	if execConfig.Tty && cli.isTerminalIn {
+		if err := cli.monitorTtySize(execID, true); err != nil {
+			fmt.Fprintf(cli.err, "Error monitoring TTY size: %s\n", err)
+		}
+	}
+
+	if err := <-errCh; err != nil {
+		logrus.Debugf("Error hijack: %s", err)
+		return err
+	}
+
+	var status int
+	if _, status, err = getExecExitCode(cli, execID); err != nil {
+		return err
+	}
+
+	if status != 0 {
+		return Cli.StatusError{StatusCode: status}
+	}
+
+	return nil
+}
+
+// ParseExec parses the specified args for the specified command and generates
+// an ExecConfig from it.
+// If the minimal number of specified args is not right or if specified args are
+// not valid, it will return an error.
+func ParseExec(cmd *flag.FlagSet, args []string) (*types.ExecConfig, error) {
+	var (
+		flStdin      = cmd.Bool([]string{"i", "-interactive"}, false, "Keep STDIN open even if not attached")
+		flTty        = cmd.Bool([]string{"t", "-tty"}, false, "Allocate a pseudo-TTY")
+		flDetach     = cmd.Bool([]string{"d", "-detach"}, false, "Detached mode: run command in the background")
+		flUser       = cmd.String([]string{"u", "-user"}, "", "Username or UID (format: <name|uid>[:<group|gid>])")
+		flPrivileged = cmd.Bool([]string{"-privileged"}, false, "Give extended privileges to the command")
+		execCmd      []string
+		container    string
+	)
+	cmd.Require(flag.Min, 2)
+	if err := cmd.ParseFlags(args, true); err != nil {
+		return nil, err
+	}
+	container = cmd.Arg(0)
+	parsedArgs := cmd.Args()
+	execCmd = parsedArgs[1:]
+
+	execConfig := &types.ExecConfig{
+		User:       *flUser,
+		Privileged: *flPrivileged,
+		Tty:        *flTty,
+		Cmd:        execCmd,
+		Container:  container,
+		Detach:     *flDetach,
+	}
+
+	// If -d is not set, attach to everything by default
+	if !*flDetach {
+		execConfig.AttachStdout = true
+		execConfig.AttachStderr = true
+		if *flStdin {
+			execConfig.AttachStdin = true
+		}
+	}
+
+	return execConfig, nil
+}
--- a/api/client/exec_test.go
+++ b/api/client/exec_test.go
@@ -0,0 +1,130 @@
+package client
+
+import (
+	"fmt"
+	"io/ioutil"
+	"testing"
+
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/engine-api/types"
+)
+
+type arguments struct {
+	args []string
+}
+
+func TestParseExec(t *testing.T) {
+	invalids := map[*arguments]error{
+		&arguments{[]string{"-unknown"}}: fmt.Errorf("flag provided but not defined: -unknown"),
+		&arguments{[]string{"-u"}}:       fmt.Errorf("flag needs an argument: -u"),
+		&arguments{[]string{"--user"}}:   fmt.Errorf("flag needs an argument: --user"),
+	}
+	valids := map[*arguments]*types.ExecConfig{
+		&arguments{
+			[]string{"container", "command"},
+		}: {
+			Container:    "container",
+			Cmd:          []string{"command"},
+			AttachStdout: true,
+			AttachStderr: true,
+		},
+		&arguments{
+			[]string{"container", "command1", "command2"},
+		}: {
+			Container:    "container",
+			Cmd:          []string{"command1", "command2"},
+			AttachStdout: true,
+			AttachStderr: true,
+		},
+		&arguments{
+			[]string{"-i", "-t", "-u", "uid", "container", "command"},
+		}: {
+			User:         "uid",
+			AttachStdin:  true,
+			AttachStdout: true,
+			AttachStderr: true,
+			Tty:          true,
+			Container:    "container",
+			Cmd:          []string{"command"},
+		},
+		&arguments{
+			[]string{"-d", "container", "command"},
+		}: {
+			AttachStdin:  false,
+			AttachStdout: false,
+			AttachStderr: false,
+			Detach:       true,
+			Container:    "container",
+			Cmd:          []string{"command"},
+		},
+		&arguments{
+			[]string{"-t", "-i", "-d", "container", "command"},
+		}: {
+			AttachStdin:  false,
+			AttachStdout: false,
+			AttachStderr: false,
+			Detach:       true,
+			Tty:          true,
+			Container:    "container",
+			Cmd:          []string{"command"},
+		},
+	}
+	for invalid, expectedError := range invalids {
+		cmd := flag.NewFlagSet("exec", flag.ContinueOnError)
+		cmd.ShortUsage = func() {}
+		cmd.SetOutput(ioutil.Discard)
+		_, err := ParseExec(cmd, invalid.args)
+		if err == nil || err.Error() != expectedError.Error() {
+			t.Fatalf("Expected an error [%v] for %v, got %v", expectedError, invalid, err)
+		}
+
+	}
+	for valid, expectedExecConfig := range valids {
+		cmd := flag.NewFlagSet("exec", flag.ContinueOnError)
+		cmd.ShortUsage = func() {}
+		cmd.SetOutput(ioutil.Discard)
+		execConfig, err := ParseExec(cmd, valid.args)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if !compareExecConfig(expectedExecConfig, execConfig) {
+			t.Fatalf("Expected [%v] for %v, got [%v]", expectedExecConfig, valid, execConfig)
+		}
+	}
+}
+
+func compareExecConfig(config1 *types.ExecConfig, config2 *types.ExecConfig) bool {
+	if config1.AttachStderr != config2.AttachStderr {
+		return false
+	}
+	if config1.AttachStdin != config2.AttachStdin {
+		return false
+	}
+	if config1.AttachStdout != config2.AttachStdout {
+		return false
+	}
+	if config1.Container != config2.Container {
+		return false
+	}
+	if config1.Detach != config2.Detach {
+		return false
+	}
+	if config1.Privileged != config2.Privileged {
+		return false
+	}
+	if config1.Tty != config2.Tty {
+		return false
+	}
+	if config1.User != config2.User {
+		return false
+	}
+	if len(config1.Cmd) != len(config2.Cmd) {
+		return false
+	}
+	for index, value := range config1.Cmd {
+		if value != config2.Cmd[index] {
+			return false
+		}
+	}
+	return true
+}
--- a/api/client/export.go
+++ b/api/client/export.go
@@ -0,0 +1,42 @@
+package client
+
+import (
+	"errors"
+	"io"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdExport exports a filesystem as a tar archive.
+//
+// The tar archive is streamed to STDOUT by default or written to a file.
+//
+// Usage: docker export [OPTIONS] CONTAINER
+func (cli *DockerCli) CmdExport(args ...string) error {
+	cmd := Cli.Subcmd("export", []string{"CONTAINER"}, Cli.DockerCommands["export"].Description, true)
+	outfile := cmd.String([]string{"o", "-output"}, "", "Write to a file, instead of STDOUT")
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+
+	if *outfile == "" && cli.isTerminalOut {
+		return errors.New("Cowardly refusing to save to a terminal. Use the -o flag or redirect.")
+	}
+
+	responseBody, err := cli.client.ContainerExport(context.Background(), cmd.Arg(0))
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	if *outfile == "" {
+		_, err := io.Copy(cli.out, responseBody)
+		return err
+	}
+
+	return copyToFile(*outfile, responseBody)
+
+}
--- a/api/client/formatter/custom.go
+++ b/api/client/formatter/custom.go
@@ -0,0 +1,242 @@
+package formatter
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/docker/docker/api"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/go-units"
+)
+
+const (
+	tableKey = "table"
+
+	containerIDHeader  = "CONTAINER ID"
+	imageHeader        = "IMAGE"
+	namesHeader        = "NAMES"
+	commandHeader      = "COMMAND"
+	createdSinceHeader = "CREATED"
+	createdAtHeader    = "CREATED AT"
+	runningForHeader   = "CREATED"
+	statusHeader       = "STATUS"
+	portsHeader        = "PORTS"
+	sizeHeader         = "SIZE"
+	labelsHeader       = "LABELS"
+	imageIDHeader      = "IMAGE ID"
+	repositoryHeader   = "REPOSITORY"
+	tagHeader          = "TAG"
+	digestHeader       = "DIGEST"
+	mountsHeader       = "MOUNTS"
+)
+
+type containerContext struct {
+	baseSubContext
+	trunc bool
+	c     types.Container
+}
+
+func (c *containerContext) ID() string {
+	c.addHeader(containerIDHeader)
+	if c.trunc {
+		return stringid.TruncateID(c.c.ID)
+	}
+	return c.c.ID
+}
+
+func (c *containerContext) Names() string {
+	c.addHeader(namesHeader)
+	names := stripNamePrefix(c.c.Names)
+	if c.trunc {
+		for _, name := range names {
+			if len(strings.Split(name, "/")) == 1 {
+				names = []string{name}
+				break
+			}
+		}
+	}
+	return strings.Join(names, ",")
+}
+
+func (c *containerContext) Image() string {
+	c.addHeader(imageHeader)
+	if c.c.Image == "" {
+		return "<no image>"
+	}
+	if c.trunc {
+		if trunc := stringid.TruncateID(c.c.ImageID); trunc == stringid.TruncateID(c.c.Image) {
+			return trunc
+		}
+	}
+	return c.c.Image
+}
+
+func (c *containerContext) Command() string {
+	c.addHeader(commandHeader)
+	command := c.c.Command
+	if c.trunc {
+		command = stringutils.Truncate(command, 20)
+	}
+	return strconv.Quote(command)
+}
+
+func (c *containerContext) CreatedAt() string {
+	c.addHeader(createdAtHeader)
+	return time.Unix(int64(c.c.Created), 0).String()
+}
+
+func (c *containerContext) RunningFor() string {
+	c.addHeader(runningForHeader)
+	createdAt := time.Unix(int64(c.c.Created), 0)
+	return units.HumanDuration(time.Now().UTC().Sub(createdAt))
+}
+
+func (c *containerContext) Ports() string {
+	c.addHeader(portsHeader)
+	return api.DisplayablePorts(c.c.Ports)
+}
+
+func (c *containerContext) Status() string {
+	c.addHeader(statusHeader)
+	return c.c.Status
+}
+
+func (c *containerContext) Size() string {
+	c.addHeader(sizeHeader)
+	srw := units.HumanSize(float64(c.c.SizeRw))
+	sv := units.HumanSize(float64(c.c.SizeRootFs))
+
+	sf := srw
+	if c.c.SizeRootFs > 0 {
+		sf = fmt.Sprintf("%s (virtual %s)", srw, sv)
+	}
+	return sf
+}
+
+func (c *containerContext) Labels() string {
+	c.addHeader(labelsHeader)
+	if c.c.Labels == nil {
+		return ""
+	}
+
+	var joinLabels []string
+	for k, v := range c.c.Labels {
+		joinLabels = append(joinLabels, fmt.Sprintf("%s=%s", k, v))
+	}
+	return strings.Join(joinLabels, ",")
+}
+
+func (c *containerContext) Label(name string) string {
+	n := strings.Split(name, ".")
+	r := strings.NewReplacer("-", " ", "_", " ")
+	h := r.Replace(n[len(n)-1])
+
+	c.addHeader(h)
+
+	if c.c.Labels == nil {
+		return ""
+	}
+	return c.c.Labels[name]
+}
+
+func (c *containerContext) Mounts() string {
+	c.addHeader(mountsHeader)
+
+	var name string
+	var mounts []string
+	for _, m := range c.c.Mounts {
+		if m.Name == "" {
+			name = m.Source
+		} else {
+			name = m.Name
+		}
+		if c.trunc {
+			name = stringutils.Truncate(name, 15)
+		}
+		mounts = append(mounts, name)
+	}
+	return strings.Join(mounts, ",")
+}
+
+type imageContext struct {
+	baseSubContext
+	trunc  bool
+	i      types.Image
+	repo   string
+	tag    string
+	digest string
+}
+
+func (c *imageContext) ID() string {
+	c.addHeader(imageIDHeader)
+	if c.trunc {
+		return stringid.TruncateID(c.i.ID)
+	}
+	return c.i.ID
+}
+
+func (c *imageContext) Repository() string {
+	c.addHeader(repositoryHeader)
+	return c.repo
+}
+
+func (c *imageContext) Tag() string {
+	c.addHeader(tagHeader)
+	return c.tag
+}
+
+func (c *imageContext) Digest() string {
+	c.addHeader(digestHeader)
+	return c.digest
+}
+
+func (c *imageContext) CreatedSince() string {
+	c.addHeader(createdSinceHeader)
+	createdAt := time.Unix(int64(c.i.Created), 0)
+	return units.HumanDuration(time.Now().UTC().Sub(createdAt))
+}
+
+func (c *imageContext) CreatedAt() string {
+	c.addHeader(createdAtHeader)
+	return time.Unix(int64(c.i.Created), 0).String()
+}
+
+func (c *imageContext) Size() string {
+	c.addHeader(sizeHeader)
+	return units.HumanSize(float64(c.i.Size))
+}
+
+type subContext interface {
+	fullHeader() string
+	addHeader(header string)
+}
+
+type baseSubContext struct {
+	header []string
+}
+
+func (c *baseSubContext) fullHeader() string {
+	if c.header == nil {
+		return ""
+	}
+	return strings.Join(c.header, "\t")
+}
+
+func (c *baseSubContext) addHeader(header string) {
+	if c.header == nil {
+		c.header = []string{}
+	}
+	c.header = append(c.header, strings.ToUpper(header))
+}
+
+func stripNamePrefix(ss []string) []string {
+	for i, s := range ss {
+		ss[i] = s[1:]
+	}
+
+	return ss
+}
--- a/api/client/formatter/custom_test.go
+++ b/api/client/formatter/custom_test.go
@@ -0,0 +1,192 @@
+package formatter
+
+import (
+	"reflect"
+	"strings"
+	"testing"
+	"time"
+
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/engine-api/types"
+)
+
+func TestContainerPsContext(t *testing.T) {
+	containerID := stringid.GenerateRandomID()
+	unix := time.Now().Add(-65 * time.Second).Unix()
+
+	var ctx containerContext
+	cases := []struct {
+		container types.Container
+		trunc     bool
+		expValue  string
+		expHeader string
+		call      func() string
+	}{
+		{types.Container{ID: containerID}, true, stringid.TruncateID(containerID), containerIDHeader, ctx.ID},
+		{types.Container{ID: containerID}, false, containerID, containerIDHeader, ctx.ID},
+		{types.Container{Names: []string{"/foobar_baz"}}, true, "foobar_baz", namesHeader, ctx.Names},
+		{types.Container{Image: "ubuntu"}, true, "ubuntu", imageHeader, ctx.Image},
+		{types.Container{Image: "verylongimagename"}, true, "verylongimagename", imageHeader, ctx.Image},
+		{types.Container{Image: "verylongimagename"}, false, "verylongimagename", imageHeader, ctx.Image},
+		{types.Container{
+			Image:   "a5a665ff33eced1e0803148700880edab4",
+			ImageID: "a5a665ff33eced1e0803148700880edab4269067ed77e27737a708d0d293fbf5",
+		},
+			true,
+			"a5a665ff33ec",
+			imageHeader,
+			ctx.Image,
+		},
+		{types.Container{
+			Image:   "a5a665ff33eced1e0803148700880edab4",
+			ImageID: "a5a665ff33eced1e0803148700880edab4269067ed77e27737a708d0d293fbf5",
+		},
+			false,
+			"a5a665ff33eced1e0803148700880edab4",
+			imageHeader,
+			ctx.Image,
+		},
+		{types.Container{Image: ""}, true, "<no image>", imageHeader, ctx.Image},
+		{types.Container{Command: "sh -c 'ls -la'"}, true, `"sh -c 'ls -la'"`, commandHeader, ctx.Command},
+		{types.Container{Created: unix}, true, time.Unix(unix, 0).String(), createdAtHeader, ctx.CreatedAt},
+		{types.Container{Ports: []types.Port{{PrivatePort: 8080, PublicPort: 8080, Type: "tcp"}}}, true, "8080/tcp", portsHeader, ctx.Ports},
+		{types.Container{Status: "RUNNING"}, true, "RUNNING", statusHeader, ctx.Status},
+		{types.Container{SizeRw: 10}, true, "10 B", sizeHeader, ctx.Size},
+		{types.Container{SizeRw: 10, SizeRootFs: 20}, true, "10 B (virtual 20 B)", sizeHeader, ctx.Size},
+		{types.Container{}, true, "", labelsHeader, ctx.Labels},
+		{types.Container{Labels: map[string]string{"cpu": "6", "storage": "ssd"}}, true, "cpu=6,storage=ssd", labelsHeader, ctx.Labels},
+		{types.Container{Created: unix}, true, "About a minute", runningForHeader, ctx.RunningFor},
+	}
+
+	for _, c := range cases {
+		ctx = containerContext{c: c.container, trunc: c.trunc}
+		v := c.call()
+		if strings.Contains(v, ",") {
+			compareMultipleValues(t, v, c.expValue)
+		} else if v != c.expValue {
+			t.Fatalf("Expected %s, was %s\n", c.expValue, v)
+		}
+
+		h := ctx.fullHeader()
+		if h != c.expHeader {
+			t.Fatalf("Expected %s, was %s\n", c.expHeader, h)
+		}
+	}
+
+	c1 := types.Container{Labels: map[string]string{"com.docker.swarm.swarm-id": "33", "com.docker.swarm.node_name": "ubuntu"}}
+	ctx = containerContext{c: c1, trunc: true}
+
+	sid := ctx.Label("com.docker.swarm.swarm-id")
+	node := ctx.Label("com.docker.swarm.node_name")
+	if sid != "33" {
+		t.Fatalf("Expected 33, was %s\n", sid)
+	}
+
+	if node != "ubuntu" {
+		t.Fatalf("Expected ubuntu, was %s\n", node)
+	}
+
+	h := ctx.fullHeader()
+	if h != "SWARM ID\tNODE NAME" {
+		t.Fatalf("Expected %s, was %s\n", "SWARM ID\tNODE NAME", h)
+
+	}
+
+	c2 := types.Container{}
+	ctx = containerContext{c: c2, trunc: true}
+
+	label := ctx.Label("anything.really")
+	if label != "" {
+		t.Fatalf("Expected an empty string, was %s", label)
+	}
+
+	ctx = containerContext{c: c2, trunc: true}
+	fullHeader := ctx.fullHeader()
+	if fullHeader != "" {
+		t.Fatalf("Expected fullHeader to be empty, was %s", fullHeader)
+	}
+
+}
+
+func TestImagesContext(t *testing.T) {
+	imageID := stringid.GenerateRandomID()
+	unix := time.Now().Unix()
+
+	var ctx imageContext
+	cases := []struct {
+		imageCtx  imageContext
+		expValue  string
+		expHeader string
+		call      func() string
+	}{
+		{imageContext{
+			i:     types.Image{ID: imageID},
+			trunc: true,
+		}, stringid.TruncateID(imageID), imageIDHeader, ctx.ID},
+		{imageContext{
+			i:     types.Image{ID: imageID},
+			trunc: false,
+		}, imageID, imageIDHeader, ctx.ID},
+		{imageContext{
+			i:     types.Image{Size: 10},
+			trunc: true,
+		}, "10 B", sizeHeader, ctx.Size},
+		{imageContext{
+			i:     types.Image{Created: unix},
+			trunc: true,
+		}, time.Unix(unix, 0).String(), createdAtHeader, ctx.CreatedAt},
+		// FIXME
+		// {imageContext{
+		// 	i:     types.Image{Created: unix},
+		// 	trunc: true,
+		// }, units.HumanDuration(time.Unix(unix, 0)), createdSinceHeader, ctx.CreatedSince},
+		{imageContext{
+			i:    types.Image{},
+			repo: "busybox",
+		}, "busybox", repositoryHeader, ctx.Repository},
+		{imageContext{
+			i:   types.Image{},
+			tag: "latest",
+		}, "latest", tagHeader, ctx.Tag},
+		{imageContext{
+			i:      types.Image{},
+			digest: "sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a",
+		}, "sha256:d149ab53f8718e987c3a3024bb8aa0e2caadf6c0328f1d9d850b2a2a67f2819a", digestHeader, ctx.Digest},
+	}
+
+	for _, c := range cases {
+		ctx = c.imageCtx
+		v := c.call()
+		if strings.Contains(v, ",") {
+			compareMultipleValues(t, v, c.expValue)
+		} else if v != c.expValue {
+			t.Fatalf("Expected %s, was %s\n", c.expValue, v)
+		}
+
+		h := ctx.fullHeader()
+		if h != c.expHeader {
+			t.Fatalf("Expected %s, was %s\n", c.expHeader, h)
+		}
+	}
+}
+
+func compareMultipleValues(t *testing.T, value, expected string) {
+	// comma-separated values means probably a map input, which won't
+	// be guaranteed to have the same order as our expected value
+	// We'll create maps and use reflect.DeepEquals to check instead:
+	entriesMap := make(map[string]string)
+	expMap := make(map[string]string)
+	entries := strings.Split(value, ",")
+	expectedEntries := strings.Split(expected, ",")
+	for _, entry := range entries {
+		keyval := strings.Split(entry, "=")
+		entriesMap[keyval[0]] = keyval[1]
+	}
+	for _, expected := range expectedEntries {
+		keyval := strings.Split(expected, "=")
+		expMap[keyval[0]] = keyval[1]
+	}
+	if !reflect.DeepEqual(expMap, entriesMap) {
+		t.Fatalf("Expected entries: %v, got: %v", expected, value)
+	}
+}
--- a/api/client/formatter/formatter.go
+++ b/api/client/formatter/formatter.go
@@ -0,0 +1,255 @@
+package formatter
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"strings"
+	"text/tabwriter"
+	"text/template"
+
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/utils/templates"
+	"github.com/docker/engine-api/types"
+)
+
+const (
+	tableFormatKey = "table"
+	rawFormatKey   = "raw"
+
+	defaultContainerTableFormat       = "table {{.ID}}\t{{.Image}}\t{{.Command}}\t{{.RunningFor}} ago\t{{.Status}}\t{{.Ports}}\t{{.Names}}"
+	defaultImageTableFormat           = "table {{.Repository}}\t{{.Tag}}\t{{.ID}}\t{{.CreatedSince}} ago\t{{.Size}}"
+	defaultImageTableFormatWithDigest = "table {{.Repository}}\t{{.Tag}}\t{{.Digest}}\t{{.ID}}\t{{.CreatedSince}} ago\t{{.Size}}"
+	defaultQuietFormat                = "{{.ID}}"
+)
+
+// Context contains information required by the formatter to print the output as desired.
+type Context struct {
+	// Output is the output stream to which the formatted string is written.
+	Output io.Writer
+	// Format is used to choose raw, table or custom format for the output.
+	Format string
+	// Quiet when set to true will simply print minimal information.
+	Quiet bool
+	// Trunc when set to true will truncate the output of certain fields such as Container ID.
+	Trunc bool
+
+	// internal element
+	table       bool
+	finalFormat string
+	header      string
+	buffer      *bytes.Buffer
+}
+
+func (c *Context) preformat() {
+	c.finalFormat = c.Format
+
+	if strings.HasPrefix(c.Format, tableKey) {
+		c.table = true
+		c.finalFormat = c.finalFormat[len(tableKey):]
+	}
+
+	c.finalFormat = strings.Trim(c.finalFormat, " ")
+	r := strings.NewReplacer(`\t`, "\t", `\n`, "\n")
+	c.finalFormat = r.Replace(c.finalFormat)
+}
+
+func (c *Context) parseFormat() (*template.Template, error) {
+	tmpl, err := templates.Parse(c.finalFormat)
+	if err != nil {
+		c.buffer.WriteString(fmt.Sprintf("Template parsing error: %v\n", err))
+		c.buffer.WriteTo(c.Output)
+	}
+	return tmpl, err
+}
+
+func (c *Context) postformat(tmpl *template.Template, subContext subContext) {
+	if c.table {
+		if len(c.header) == 0 {
+			// if we still don't have a header, we didn't have any containers so we need to fake it to get the right headers from the template
+			tmpl.Execute(bytes.NewBufferString(""), subContext)
+			c.header = subContext.fullHeader()
+		}
+
+		t := tabwriter.NewWriter(c.Output, 20, 1, 3, ' ', 0)
+		t.Write([]byte(c.header))
+		t.Write([]byte("\n"))
+		c.buffer.WriteTo(t)
+		t.Flush()
+	} else {
+		c.buffer.WriteTo(c.Output)
+	}
+}
+
+func (c *Context) contextFormat(tmpl *template.Template, subContext subContext) error {
+	if err := tmpl.Execute(c.buffer, subContext); err != nil {
+		c.buffer = bytes.NewBufferString(fmt.Sprintf("Template parsing error: %v\n", err))
+		c.buffer.WriteTo(c.Output)
+		return err
+	}
+	if c.table && len(c.header) == 0 {
+		c.header = subContext.fullHeader()
+	}
+	c.buffer.WriteString("\n")
+	return nil
+}
+
+// ContainerContext contains container specific information required by the formater, encapsulate a Context struct.
+type ContainerContext struct {
+	Context
+	// Size when set to true will display the size of the output.
+	Size bool
+	// Containers
+	Containers []types.Container
+}
+
+// ImageContext contains image specific information required by the formater, encapsulate a Context struct.
+type ImageContext struct {
+	Context
+	Digest bool
+	// Images
+	Images []types.Image
+}
+
+func (ctx ContainerContext) Write() {
+	switch ctx.Format {
+	case tableFormatKey:
+		ctx.Format = defaultContainerTableFormat
+		if ctx.Quiet {
+			ctx.Format = defaultQuietFormat
+		}
+	case rawFormatKey:
+		if ctx.Quiet {
+			ctx.Format = `container_id: {{.ID}}`
+		} else {
+			ctx.Format = `container_id: {{.ID}}
+image: {{.Image}}
+command: {{.Command}}
+created_at: {{.CreatedAt}}
+status: {{.Status}}
+names: {{.Names}}
+labels: {{.Labels}}
+ports: {{.Ports}}
+`
+			if ctx.Size {
+				ctx.Format += `size: {{.Size}}
+`
+			}
+		}
+	}
+
+	ctx.buffer = bytes.NewBufferString("")
+	ctx.preformat()
+	if ctx.table && ctx.Size {
+		ctx.finalFormat += "\t{{.Size}}"
+	}
+
+	tmpl, err := ctx.parseFormat()
+	if err != nil {
+		return
+	}
+
+	for _, container := range ctx.Containers {
+		containerCtx := &containerContext{
+			trunc: ctx.Trunc,
+			c:     container,
+		}
+		err = ctx.contextFormat(tmpl, containerCtx)
+		if err != nil {
+			return
+		}
+	}
+
+	ctx.postformat(tmpl, &containerContext{})
+}
+
+func (ctx ImageContext) Write() {
+	switch ctx.Format {
+	case tableFormatKey:
+		ctx.Format = defaultImageTableFormat
+		if ctx.Digest {
+			ctx.Format = defaultImageTableFormatWithDigest
+		}
+		if ctx.Quiet {
+			ctx.Format = defaultQuietFormat
+		}
+	case rawFormatKey:
+		if ctx.Quiet {
+			ctx.Format = `image_id: {{.ID}}`
+		} else {
+			if ctx.Digest {
+				ctx.Format = `repository: {{ .Repository }}
+tag: {{.Tag}}
+digest: {{.Digest}}
+image_id: {{.ID}}
+created_at: {{.CreatedAt}}
+virtual_size: {{.Size}}
+`
+			} else {
+				ctx.Format = `repository: {{ .Repository }}
+tag: {{.Tag}}
+image_id: {{.ID}}
+created_at: {{.CreatedAt}}
+virtual_size: {{.Size}}
+`
+			}
+		}
+	}
+
+	ctx.buffer = bytes.NewBufferString("")
+	ctx.preformat()
+	if ctx.table && ctx.Digest && !strings.Contains(ctx.Format, "{{.Digest}}") {
+		ctx.finalFormat += "\t{{.Digest}}"
+	}
+
+	tmpl, err := ctx.parseFormat()
+	if err != nil {
+		return
+	}
+
+	for _, image := range ctx.Images {
+
+		repoTags := image.RepoTags
+		repoDigests := image.RepoDigests
+
+		if len(repoTags) == 1 && repoTags[0] == "<none>:<none>" && len(repoDigests) == 1 && repoDigests[0] == "<none>@<none>" {
+			// dangling image - clear out either repoTags or repoDigests so we only show it once below
+			repoDigests = []string{}
+		}
+		// combine the tags and digests lists
+		tagsAndDigests := append(repoTags, repoDigests...)
+		for _, repoAndRef := range tagsAndDigests {
+			repo := "<none>"
+			tag := "<none>"
+			digest := "<none>"
+
+			if !strings.HasPrefix(repoAndRef, "<none>") {
+				ref, err := reference.ParseNamed(repoAndRef)
+				if err != nil {
+					continue
+				}
+				repo = ref.Name()
+
+				switch x := ref.(type) {
+				case reference.Canonical:
+					digest = x.Digest().String()
+				case reference.NamedTagged:
+					tag = x.Tag()
+				}
+			}
+			imageCtx := &imageContext{
+				trunc:  ctx.Trunc,
+				i:      image,
+				repo:   repo,
+				tag:    tag,
+				digest: digest,
+			}
+			err = ctx.contextFormat(tmpl, imageCtx)
+			if err != nil {
+				return
+			}
+		}
+	}
+
+	ctx.postformat(tmpl, &imageContext{})
+}
--- a/api/client/formatter/formatter_test.go
+++ b/api/client/formatter/formatter_test.go
@@ -0,0 +1,535 @@
+package formatter
+
+import (
+	"bytes"
+	"fmt"
+	"testing"
+	"time"
+
+	"github.com/docker/engine-api/types"
+)
+
+func TestContainerContextWrite(t *testing.T) {
+	unixTime := time.Now().AddDate(0, 0, -1).Unix()
+	expectedTime := time.Unix(unixTime, 0).String()
+
+	contexts := []struct {
+		context  ContainerContext
+		expected string
+	}{
+		// Errors
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "{{InvalidFunction}}",
+				},
+			},
+			`Template parsing error: template: :1: function "InvalidFunction" not defined
+`,
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "{{nil}}",
+				},
+			},
+			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
+`,
+		},
+		// Table Format
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "table",
+				},
+			},
+			`CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
+containerID1        ubuntu              ""                  24 hours ago                                                foobar_baz
+containerID2        ubuntu              ""                  24 hours ago                                                foobar_bar
+`,
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "table {{.Image}}",
+				},
+			},
+			"IMAGE\nubuntu\nubuntu\n",
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "table {{.Image}}",
+				},
+				Size: true,
+			},
+			"IMAGE               SIZE\nubuntu              0 B\nubuntu              0 B\n",
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "table {{.Image}}",
+					Quiet:  true,
+				},
+			},
+			"IMAGE\nubuntu\nubuntu\n",
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "table",
+					Quiet:  true,
+				},
+			},
+			"containerID1\ncontainerID2\n",
+		},
+		// Raw Format
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "raw",
+				},
+			},
+			fmt.Sprintf(`container_id: containerID1
+image: ubuntu
+command: ""
+created_at: %s
+status: 
+names: foobar_baz
+labels: 
+ports: 
+
+container_id: containerID2
+image: ubuntu
+command: ""
+created_at: %s
+status: 
+names: foobar_bar
+labels: 
+ports: 
+
+`, expectedTime, expectedTime),
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "raw",
+				},
+				Size: true,
+			},
+			fmt.Sprintf(`container_id: containerID1
+image: ubuntu
+command: ""
+created_at: %s
+status: 
+names: foobar_baz
+labels: 
+ports: 
+size: 0 B
+
+container_id: containerID2
+image: ubuntu
+command: ""
+created_at: %s
+status: 
+names: foobar_bar
+labels: 
+ports: 
+size: 0 B
+
+`, expectedTime, expectedTime),
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "raw",
+					Quiet:  true,
+				},
+			},
+			"container_id: containerID1\ncontainer_id: containerID2\n",
+		},
+		// Custom Format
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "{{.Image}}",
+				},
+			},
+			"ubuntu\nubuntu\n",
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "{{.Image}}",
+				},
+				Size: true,
+			},
+			"ubuntu\nubuntu\n",
+		},
+	}
+
+	for _, context := range contexts {
+		containers := []types.Container{
+			{ID: "containerID1", Names: []string{"/foobar_baz"}, Image: "ubuntu", Created: unixTime},
+			{ID: "containerID2", Names: []string{"/foobar_bar"}, Image: "ubuntu", Created: unixTime},
+		}
+		out := bytes.NewBufferString("")
+		context.context.Output = out
+		context.context.Containers = containers
+		context.context.Write()
+		actual := out.String()
+		if actual != context.expected {
+			t.Fatalf("Expected \n%s, got \n%s", context.expected, actual)
+		}
+		// Clean buffer
+		out.Reset()
+	}
+}
+
+func TestContainerContextWriteWithNoContainers(t *testing.T) {
+	out := bytes.NewBufferString("")
+	containers := []types.Container{}
+
+	contexts := []struct {
+		context  ContainerContext
+		expected string
+	}{
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "{{.Image}}",
+					Output: out,
+				},
+			},
+			"",
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "table {{.Image}}",
+					Output: out,
+				},
+			},
+			"IMAGE\n",
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "{{.Image}}",
+					Output: out,
+				},
+				Size: true,
+			},
+			"",
+		},
+		{
+			ContainerContext{
+				Context: Context{
+					Format: "table {{.Image}}",
+					Output: out,
+				},
+				Size: true,
+			},
+			"IMAGE               SIZE\n",
+		},
+	}
+
+	for _, context := range contexts {
+		context.context.Containers = containers
+		context.context.Write()
+		actual := out.String()
+		if actual != context.expected {
+			t.Fatalf("Expected \n%s, got \n%s", context.expected, actual)
+		}
+		// Clean buffer
+		out.Reset()
+	}
+}
+
+func TestImageContextWrite(t *testing.T) {
+	unixTime := time.Now().AddDate(0, 0, -1).Unix()
+	expectedTime := time.Unix(unixTime, 0).String()
+
+	contexts := []struct {
+		context  ImageContext
+		expected string
+	}{
+		// Errors
+		{
+			ImageContext{
+				Context: Context{
+					Format: "{{InvalidFunction}}",
+				},
+			},
+			`Template parsing error: template: :1: function "InvalidFunction" not defined
+`,
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "{{nil}}",
+				},
+			},
+			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
+`,
+		},
+		// Table Format
+		{
+			ImageContext{
+				Context: Context{
+					Format: "table",
+				},
+			},
+			`REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
+image               tag1                imageID1            24 hours ago        0 B
+image               <none>              imageID1            24 hours ago        0 B
+image               tag2                imageID2            24 hours ago        0 B
+<none>              <none>              imageID3            24 hours ago        0 B
+`,
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "table {{.Repository}}",
+				},
+			},
+			"REPOSITORY\nimage\nimage\nimage\n<none>\n",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "table {{.Repository}}",
+				},
+				Digest: true,
+			},
+			`REPOSITORY          DIGEST
+image               <none>
+image               sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
+image               <none>
+<none>              <none>
+`,
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "table {{.Repository}}",
+					Quiet:  true,
+				},
+			},
+			"REPOSITORY\nimage\nimage\nimage\n<none>\n",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "table",
+					Quiet:  true,
+				},
+			},
+			"imageID1\nimageID1\nimageID2\nimageID3\n",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "table",
+					Quiet:  false,
+				},
+				Digest: true,
+			},
+			`REPOSITORY          TAG                 DIGEST                                                                    IMAGE ID            CREATED             SIZE
+image               tag1                <none>                                                                    imageID1            24 hours ago        0 B
+image               <none>              sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf   imageID1            24 hours ago        0 B
+image               tag2                <none>                                                                    imageID2            24 hours ago        0 B
+<none>              <none>              <none>                                                                    imageID3            24 hours ago        0 B
+`,
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "table",
+					Quiet:  true,
+				},
+				Digest: true,
+			},
+			"imageID1\nimageID1\nimageID2\nimageID3\n",
+		},
+		// Raw Format
+		{
+			ImageContext{
+				Context: Context{
+					Format: "raw",
+				},
+			},
+			fmt.Sprintf(`repository: image
+tag: tag1
+image_id: imageID1
+created_at: %s
+virtual_size: 0 B
+
+repository: image
+tag: <none>
+image_id: imageID1
+created_at: %s
+virtual_size: 0 B
+
+repository: image
+tag: tag2
+image_id: imageID2
+created_at: %s
+virtual_size: 0 B
+
+repository: <none>
+tag: <none>
+image_id: imageID3
+created_at: %s
+virtual_size: 0 B
+
+`, expectedTime, expectedTime, expectedTime, expectedTime),
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "raw",
+				},
+				Digest: true,
+			},
+			fmt.Sprintf(`repository: image
+tag: tag1
+digest: <none>
+image_id: imageID1
+created_at: %s
+virtual_size: 0 B
+
+repository: image
+tag: <none>
+digest: sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf
+image_id: imageID1
+created_at: %s
+virtual_size: 0 B
+
+repository: image
+tag: tag2
+digest: <none>
+image_id: imageID2
+created_at: %s
+virtual_size: 0 B
+
+repository: <none>
+tag: <none>
+digest: <none>
+image_id: imageID3
+created_at: %s
+virtual_size: 0 B
+
+`, expectedTime, expectedTime, expectedTime, expectedTime),
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "raw",
+					Quiet:  true,
+				},
+			},
+			`image_id: imageID1
+image_id: imageID1
+image_id: imageID2
+image_id: imageID3
+`,
+		},
+		// Custom Format
+		{
+			ImageContext{
+				Context: Context{
+					Format: "{{.Repository}}",
+				},
+			},
+			"image\nimage\nimage\n<none>\n",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "{{.Repository}}",
+				},
+				Digest: true,
+			},
+			"image\nimage\nimage\n<none>\n",
+		},
+	}
+
+	for _, context := range contexts {
+		images := []types.Image{
+			{ID: "imageID1", RepoTags: []string{"image:tag1"}, RepoDigests: []string{"image@sha256:cbbf2f9a99b47fc460d422812b6a5adff7dfee951d8fa2e4a98caa0382cfbdbf"}, Created: unixTime},
+			{ID: "imageID2", RepoTags: []string{"image:tag2"}, Created: unixTime},
+			{ID: "imageID3", RepoTags: []string{"<none>:<none>"}, RepoDigests: []string{"<none>@<none>"}, Created: unixTime},
+		}
+		out := bytes.NewBufferString("")
+		context.context.Output = out
+		context.context.Images = images
+		context.context.Write()
+		actual := out.String()
+		if actual != context.expected {
+			t.Fatalf("Expected \n%s, got \n%s", context.expected, actual)
+		}
+		// Clean buffer
+		out.Reset()
+	}
+}
+
+func TestImageContextWriteWithNoImage(t *testing.T) {
+	out := bytes.NewBufferString("")
+	images := []types.Image{}
+
+	contexts := []struct {
+		context  ImageContext
+		expected string
+	}{
+		{
+			ImageContext{
+				Context: Context{
+					Format: "{{.Repository}}",
+					Output: out,
+				},
+			},
+			"",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "table {{.Repository}}",
+					Output: out,
+				},
+			},
+			"REPOSITORY\n",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "{{.Repository}}",
+					Output: out,
+				},
+				Digest: true,
+			},
+			"",
+		},
+		{
+			ImageContext{
+				Context: Context{
+					Format: "table {{.Repository}}",
+					Output: out,
+				},
+				Digest: true,
+			},
+			"REPOSITORY          DIGEST\n",
+		},
+	}
+
+	for _, context := range contexts {
+		context.context.Images = images
+		context.context.Write()
+		actual := out.String()
+		if actual != context.expected {
+			t.Fatalf("Expected \n%s, got \n%s", context.expected, actual)
+		}
+		// Clean buffer
+		out.Reset()
+	}
+}
--- a/api/client/hijack.go
+++ b/api/client/hijack.go
@@ -0,0 +1,56 @@
+package client
+
+import (
+	"io"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/docker/engine-api/types"
+)
+
+func (cli *DockerCli) holdHijackedConnection(tty bool, inputStream io.ReadCloser, outputStream, errorStream io.Writer, resp types.HijackedResponse) error {
+	var err error
+	receiveStdout := make(chan error, 1)
+	if outputStream != nil || errorStream != nil {
+		go func() {
+			// When TTY is ON, use regular copy
+			if tty && outputStream != nil {
+				_, err = io.Copy(outputStream, resp.Reader)
+			} else {
+				_, err = stdcopy.StdCopy(outputStream, errorStream, resp.Reader)
+			}
+			logrus.Debugf("[hijack] End of stdout")
+			receiveStdout <- err
+		}()
+	}
+
+	stdinDone := make(chan struct{})
+	go func() {
+		if inputStream != nil {
+			io.Copy(resp.Conn, inputStream)
+			logrus.Debugf("[hijack] End of stdin")
+		}
+
+		if err := resp.CloseWrite(); err != nil {
+			logrus.Debugf("Couldn't send EOF: %s", err)
+		}
+		close(stdinDone)
+	}()
+
+	select {
+	case err := <-receiveStdout:
+		if err != nil {
+			logrus.Debugf("Error receiveStdout: %s", err)
+			return err
+		}
+	case <-stdinDone:
+		if outputStream != nil || errorStream != nil {
+			if err := <-receiveStdout; err != nil {
+				logrus.Debugf("Error receiveStdout: %s", err)
+				return err
+			}
+		}
+	}
+
+	return nil
+}
--- a/api/client/history.go
+++ b/api/client/history.go
@@ -0,0 +1,76 @@
+package client
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"text/tabwriter"
+	"time"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/go-units"
+)
+
+// CmdHistory shows the history of an image.
+//
+// Usage: docker history [OPTIONS] IMAGE
+func (cli *DockerCli) CmdHistory(args ...string) error {
+	cmd := Cli.Subcmd("history", []string{"IMAGE"}, Cli.DockerCommands["history"].Description, true)
+	human := cmd.Bool([]string{"H", "-human"}, true, "Print sizes and dates in human readable format")
+	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Only show numeric IDs")
+	noTrunc := cmd.Bool([]string{"-no-trunc"}, false, "Don't truncate output")
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+
+	history, err := cli.client.ImageHistory(context.Background(), cmd.Arg(0))
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
+
+	if *quiet {
+		for _, entry := range history {
+			if *noTrunc {
+				fmt.Fprintf(w, "%s\n", entry.ID)
+			} else {
+				fmt.Fprintf(w, "%s\n", stringid.TruncateID(entry.ID))
+			}
+		}
+		w.Flush()
+		return nil
+	}
+
+	var imageID string
+	var createdBy string
+	var created string
+	var size string
+
+	fmt.Fprintln(w, "IMAGE\tCREATED\tCREATED BY\tSIZE\tCOMMENT")
+	for _, entry := range history {
+		imageID = entry.ID
+		createdBy = strings.Replace(entry.CreatedBy, "\t", " ", -1)
+		if *noTrunc == false {
+			createdBy = stringutils.Truncate(createdBy, 45)
+			imageID = stringid.TruncateID(entry.ID)
+		}
+
+		if *human {
+			created = units.HumanDuration(time.Now().UTC().Sub(time.Unix(entry.Created, 0))) + " ago"
+			size = units.HumanSize(float64(entry.Size))
+		} else {
+			created = time.Unix(entry.Created, 0).Format(time.RFC3339)
+			size = strconv.FormatInt(entry.Size, 10)
+		}
+
+		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\n", imageID, created, createdBy, size, entry.Comment)
+	}
+	w.Flush()
+	return nil
+}
--- a/api/client/images.go
+++ b/api/client/images.go
@@ -0,0 +1,81 @@
+package client
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client/formatter"
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/filters"
+)
+
+// CmdImages lists the images in a specified repository, or all top-level images if no repository is specified.
+//
+// Usage: docker images [OPTIONS] [REPOSITORY]
+func (cli *DockerCli) CmdImages(args ...string) error {
+	cmd := Cli.Subcmd("images", []string{"[REPOSITORY[:TAG]]"}, Cli.DockerCommands["images"].Description, true)
+	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Only show numeric IDs")
+	all := cmd.Bool([]string{"a", "-all"}, false, "Show all images (default hides intermediate images)")
+	noTrunc := cmd.Bool([]string{"-no-trunc"}, false, "Don't truncate output")
+	showDigests := cmd.Bool([]string{"-digests"}, false, "Show digests")
+	format := cmd.String([]string{"-format"}, "", "Pretty-print images using a Go template")
+
+	flFilter := opts.NewListOpts(nil)
+	cmd.Var(&flFilter, []string{"f", "-filter"}, "Filter output based on conditions provided")
+	cmd.Require(flag.Max, 1)
+
+	cmd.ParseFlags(args, true)
+
+	// Consolidate all filter flags, and sanity check them early.
+	// They'll get process in the daemon/server.
+	imageFilterArgs := filters.NewArgs()
+	for _, f := range flFilter.GetAll() {
+		var err error
+		imageFilterArgs, err = filters.ParseFlag(f, imageFilterArgs)
+		if err != nil {
+			return err
+		}
+	}
+
+	var matchName string
+	if cmd.NArg() == 1 {
+		matchName = cmd.Arg(0)
+	}
+
+	options := types.ImageListOptions{
+		MatchName: matchName,
+		All:       *all,
+		Filters:   imageFilterArgs,
+	}
+
+	images, err := cli.client.ImageList(context.Background(), options)
+	if err != nil {
+		return err
+	}
+
+	f := *format
+	if len(f) == 0 {
+		if len(cli.ImagesFormat()) > 0 && !*quiet {
+			f = cli.ImagesFormat()
+		} else {
+			f = "table"
+		}
+	}
+
+	imagesCtx := formatter.ImageContext{
+		Context: formatter.Context{
+			Output: cli.out,
+			Format: f,
+			Quiet:  *quiet,
+			Trunc:  !*noTrunc,
+		},
+		Digest: *showDigests,
+		Images: images,
+	}
+
+	imagesCtx.Write()
+
+	return nil
+}
--- a/api/client/import.go
+++ b/api/client/import.go
@@ -0,0 +1,82 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"os"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/jsonmessage"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/urlutil"
+	"github.com/docker/docker/reference"
+	"github.com/docker/engine-api/types"
+)
+
+// CmdImport creates an empty filesystem image, imports the contents of the tarball into the image, and optionally tags the image.
+//
+// The URL argument is the address of a tarball (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) file or a path to local file relative to docker client. If the URL is '-', then the tar file is read from STDIN.
+//
+// Usage: docker import [OPTIONS] file|URL|- [REPOSITORY[:TAG]]
+func (cli *DockerCli) CmdImport(args ...string) error {
+	cmd := Cli.Subcmd("import", []string{"file|URL|- [REPOSITORY[:TAG]]"}, Cli.DockerCommands["import"].Description, true)
+	flChanges := opts.NewListOpts(nil)
+	cmd.Var(&flChanges, []string{"c", "-change"}, "Apply Dockerfile instruction to the created image")
+	message := cmd.String([]string{"m", "-message"}, "", "Set commit message for imported image")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var (
+		in         io.Reader
+		tag        string
+		src        = cmd.Arg(0)
+		srcName    = src
+		repository = cmd.Arg(1)
+		changes    = flChanges.GetAll()
+	)
+
+	if cmd.NArg() == 3 {
+		fmt.Fprintf(cli.err, "[DEPRECATED] The format 'file|URL|- [REPOSITORY [TAG]]' has been deprecated. Please use file|URL|- [REPOSITORY[:TAG]]\n")
+		tag = cmd.Arg(2)
+	}
+
+	if repository != "" {
+		//Check if the given image name can be resolved
+		if _, err := reference.ParseNamed(repository); err != nil {
+			return err
+		}
+	}
+
+	if src == "-" {
+		in = cli.in
+	} else if !urlutil.IsURL(src) {
+		srcName = "-"
+		file, err := os.Open(src)
+		if err != nil {
+			return err
+		}
+		defer file.Close()
+		in = file
+	}
+
+	options := types.ImageImportOptions{
+		Source:         in,
+		SourceName:     srcName,
+		RepositoryName: repository,
+		Message:        *message,
+		Tag:            tag,
+		Changes:        changes,
+	}
+
+	responseBody, err := cli.client.ImageImport(context.Background(), options)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	return jsonmessage.DisplayJSONMessagesStream(responseBody, cli.out, cli.outFd, cli.isTerminalOut, nil)
+}
--- a/api/client/info.go
+++ b/api/client/info.go
@@ -0,0 +1,155 @@
+package client
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/ioutils"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/utils"
+	"github.com/docker/go-units"
+)
+
+// CmdInfo displays system-wide information.
+//
+// Usage: docker info
+func (cli *DockerCli) CmdInfo(args ...string) error {
+	cmd := Cli.Subcmd("info", nil, Cli.DockerCommands["info"].Description, true)
+	cmd.Require(flag.Exact, 0)
+
+	cmd.ParseFlags(args, true)
+
+	info, err := cli.client.Info(context.Background())
+	if err != nil {
+		return err
+	}
+
+	fmt.Fprintf(cli.out, "Containers: %d\n", info.Containers)
+	fmt.Fprintf(cli.out, " Running: %d\n", info.ContainersRunning)
+	fmt.Fprintf(cli.out, " Paused: %d\n", info.ContainersPaused)
+	fmt.Fprintf(cli.out, " Stopped: %d\n", info.ContainersStopped)
+	fmt.Fprintf(cli.out, "Images: %d\n", info.Images)
+	ioutils.FprintfIfNotEmpty(cli.out, "Server Version: %s\n", info.ServerVersion)
+	ioutils.FprintfIfNotEmpty(cli.out, "Storage Driver: %s\n", info.Driver)
+	if info.DriverStatus != nil {
+		for _, pair := range info.DriverStatus {
+			fmt.Fprintf(cli.out, " %s: %s\n", pair[0], pair[1])
+
+			// print a warning if devicemapper is using a loopback file
+			if pair[0] == "Data loop file" {
+				fmt.Fprintln(cli.err, " WARNING: Usage of loopback devices is strongly discouraged for production use. Either use `--storage-opt dm.thinpooldev` or use `--storage-opt dm.no_warn_on_loop_devices=true` to suppress this warning.")
+			}
+		}
+
+	}
+	if info.SystemStatus != nil {
+		for _, pair := range info.SystemStatus {
+			fmt.Fprintf(cli.out, "%s: %s\n", pair[0], pair[1])
+		}
+	}
+	ioutils.FprintfIfNotEmpty(cli.out, "Execution Driver: %s\n", info.ExecutionDriver)
+	ioutils.FprintfIfNotEmpty(cli.out, "Logging Driver: %s\n", info.LoggingDriver)
+	ioutils.FprintfIfNotEmpty(cli.out, "Cgroup Driver: %s\n", info.CgroupDriver)
+
+	fmt.Fprintf(cli.out, "Plugins: \n")
+	fmt.Fprintf(cli.out, " Volume:")
+	fmt.Fprintf(cli.out, " %s", strings.Join(info.Plugins.Volume, " "))
+	fmt.Fprintf(cli.out, "\n")
+	fmt.Fprintf(cli.out, " Network:")
+	fmt.Fprintf(cli.out, " %s", strings.Join(info.Plugins.Network, " "))
+	fmt.Fprintf(cli.out, "\n")
+
+	if len(info.Plugins.Authorization) != 0 {
+		fmt.Fprintf(cli.out, " Authorization:")
+		fmt.Fprintf(cli.out, " %s", strings.Join(info.Plugins.Authorization, " "))
+		fmt.Fprintf(cli.out, "\n")
+	}
+
+	ioutils.FprintfIfNotEmpty(cli.out, "Kernel Version: %s\n", info.KernelVersion)
+	ioutils.FprintfIfNotEmpty(cli.out, "Operating System: %s\n", info.OperatingSystem)
+	ioutils.FprintfIfNotEmpty(cli.out, "OSType: %s\n", info.OSType)
+	ioutils.FprintfIfNotEmpty(cli.out, "Architecture: %s\n", info.Architecture)
+	fmt.Fprintf(cli.out, "CPUs: %d\n", info.NCPU)
+	fmt.Fprintf(cli.out, "Total Memory: %s\n", units.BytesSize(float64(info.MemTotal)))
+	ioutils.FprintfIfNotEmpty(cli.out, "Name: %s\n", info.Name)
+	ioutils.FprintfIfNotEmpty(cli.out, "ID: %s\n", info.ID)
+	fmt.Fprintf(cli.out, "Docker Root Dir: %s\n", info.DockerRootDir)
+	fmt.Fprintf(cli.out, "Debug mode (client): %v\n", utils.IsDebugEnabled())
+	fmt.Fprintf(cli.out, "Debug mode (server): %v\n", info.Debug)
+
+	if info.Debug {
+		fmt.Fprintf(cli.out, " File Descriptors: %d\n", info.NFd)
+		fmt.Fprintf(cli.out, " Goroutines: %d\n", info.NGoroutines)
+		fmt.Fprintf(cli.out, " System Time: %s\n", info.SystemTime)
+		fmt.Fprintf(cli.out, " EventsListeners: %d\n", info.NEventsListener)
+	}
+
+	ioutils.FprintfIfNotEmpty(cli.out, "Http Proxy: %s\n", info.HTTPProxy)
+	ioutils.FprintfIfNotEmpty(cli.out, "Https Proxy: %s\n", info.HTTPSProxy)
+	ioutils.FprintfIfNotEmpty(cli.out, "No Proxy: %s\n", info.NoProxy)
+
+	if info.IndexServerAddress != "" {
+		u := cli.configFile.AuthConfigs[info.IndexServerAddress].Username
+		if len(u) > 0 {
+			fmt.Fprintf(cli.out, "Username: %v\n", u)
+		}
+		fmt.Fprintf(cli.out, "Registry: %v\n", info.IndexServerAddress)
+	}
+
+	// Only output these warnings if the server does not support these features
+	if info.OSType != "windows" {
+		if !info.MemoryLimit {
+			fmt.Fprintln(cli.err, "WARNING: No memory limit support")
+		}
+		if !info.SwapLimit {
+			fmt.Fprintln(cli.err, "WARNING: No swap limit support")
+		}
+		if !info.KernelMemory {
+			fmt.Fprintln(cli.err, "WARNING: No kernel memory limit support")
+		}
+		if !info.OomKillDisable {
+			fmt.Fprintln(cli.err, "WARNING: No oom kill disable support")
+		}
+		if !info.CPUCfsQuota {
+			fmt.Fprintln(cli.err, "WARNING: No cpu cfs quota support")
+		}
+		if !info.CPUCfsPeriod {
+			fmt.Fprintln(cli.err, "WARNING: No cpu cfs period support")
+		}
+		if !info.CPUShares {
+			fmt.Fprintln(cli.err, "WARNING: No cpu shares support")
+		}
+		if !info.CPUSet {
+			fmt.Fprintln(cli.err, "WARNING: No cpuset support")
+		}
+		if !info.IPv4Forwarding {
+			fmt.Fprintln(cli.err, "WARNING: IPv4 forwarding is disabled")
+		}
+		if !info.BridgeNfIptables {
+			fmt.Fprintln(cli.err, "WARNING: bridge-nf-call-iptables is disabled")
+		}
+		if !info.BridgeNfIP6tables {
+			fmt.Fprintln(cli.err, "WARNING: bridge-nf-call-ip6tables is disabled")
+		}
+	}
+
+	if info.Labels != nil {
+		fmt.Fprintln(cli.out, "Labels:")
+		for _, attribute := range info.Labels {
+			fmt.Fprintf(cli.out, " %s\n", attribute)
+		}
+	}
+
+	ioutils.FprintfIfTrue(cli.out, "Experimental: %v\n", info.ExperimentalBuild)
+	if info.ClusterStore != "" {
+		fmt.Fprintf(cli.out, "Cluster store: %s\n", info.ClusterStore)
+	}
+
+	if info.ClusterAdvertise != "" {
+		fmt.Fprintf(cli.out, "Cluster advertise: %s\n", info.ClusterAdvertise)
+	}
+	return nil
+}
--- a/api/client/inspect.go
+++ b/api/client/inspect.go
@@ -0,0 +1,127 @@
+package client
+
+import (
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client/inspect"
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/utils/templates"
+	"github.com/docker/engine-api/client"
+)
+
+// CmdInspect displays low-level information on one or more containers or images.
+//
+// Usage: docker inspect [OPTIONS] CONTAINER|IMAGE [CONTAINER|IMAGE...]
+func (cli *DockerCli) CmdInspect(args ...string) error {
+	cmd := Cli.Subcmd("inspect", []string{"CONTAINER|IMAGE [CONTAINER|IMAGE...]"}, Cli.DockerCommands["inspect"].Description, true)
+	tmplStr := cmd.String([]string{"f", "-format"}, "", "Format the output using the given go template")
+	inspectType := cmd.String([]string{"-type"}, "", "Return JSON for specified type, (e.g image or container)")
+	size := cmd.Bool([]string{"s", "-size"}, false, "Display total file sizes if the type is container")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	if *inspectType != "" && *inspectType != "container" && *inspectType != "image" {
+		return fmt.Errorf("%q is not a valid value for --type", *inspectType)
+	}
+
+	var elementSearcher inspectSearcher
+	switch *inspectType {
+	case "container":
+		elementSearcher = cli.inspectContainers(*size)
+	case "image":
+		elementSearcher = cli.inspectImages(*size)
+	default:
+		elementSearcher = cli.inspectAll(*size)
+	}
+
+	return cli.inspectElements(*tmplStr, cmd.Args(), elementSearcher)
+}
+
+func (cli *DockerCli) inspectContainers(getSize bool) inspectSearcher {
+	return func(ref string) (interface{}, []byte, error) {
+		return cli.client.ContainerInspectWithRaw(context.Background(), ref, getSize)
+	}
+}
+
+func (cli *DockerCli) inspectImages(getSize bool) inspectSearcher {
+	return func(ref string) (interface{}, []byte, error) {
+		return cli.client.ImageInspectWithRaw(context.Background(), ref, getSize)
+	}
+}
+
+func (cli *DockerCli) inspectAll(getSize bool) inspectSearcher {
+	return func(ref string) (interface{}, []byte, error) {
+		c, rawContainer, err := cli.client.ContainerInspectWithRaw(context.Background(), ref, getSize)
+		if err != nil {
+			// Search for image with that id if a container doesn't exist.
+			if client.IsErrContainerNotFound(err) {
+				i, rawImage, err := cli.client.ImageInspectWithRaw(context.Background(), ref, getSize)
+				if err != nil {
+					if client.IsErrImageNotFound(err) {
+						return nil, nil, fmt.Errorf("Error: No such image or container: %s", ref)
+					}
+					return nil, nil, err
+				}
+				return i, rawImage, err
+			}
+			return nil, nil, err
+		}
+		return c, rawContainer, err
+	}
+}
+
+type inspectSearcher func(ref string) (interface{}, []byte, error)
+
+func (cli *DockerCli) inspectElements(tmplStr string, references []string, searchByReference inspectSearcher) error {
+	elementInspector, err := cli.newInspectorWithTemplate(tmplStr)
+	if err != nil {
+		return Cli.StatusError{StatusCode: 64, Status: err.Error()}
+	}
+
+	var inspectErr error
+	for _, ref := range references {
+		element, raw, err := searchByReference(ref)
+		if err != nil {
+			inspectErr = err
+			break
+		}
+
+		if err := elementInspector.Inspect(element, raw); err != nil {
+			inspectErr = err
+			break
+		}
+	}
+
+	if err := elementInspector.Flush(); err != nil {
+		cli.inspectErrorStatus(err)
+	}
+
+	if status := cli.inspectErrorStatus(inspectErr); status != 0 {
+		return Cli.StatusError{StatusCode: status}
+	}
+	return nil
+}
+
+func (cli *DockerCli) inspectErrorStatus(err error) (status int) {
+	if err != nil {
+		fmt.Fprintf(cli.err, "%s\n", err)
+		status = 1
+	}
+	return
+}
+
+func (cli *DockerCli) newInspectorWithTemplate(tmplStr string) (inspect.Inspector, error) {
+	elementInspector := inspect.NewIndentedInspector(cli.out)
+	if tmplStr != "" {
+		tmpl, err := templates.Parse(tmplStr)
+		if err != nil {
+			return nil, fmt.Errorf("Template parsing error: %s", err)
+		}
+		elementInspector = inspect.NewTemplateInspector(cli.out, tmpl)
+	}
+	return elementInspector, nil
+}
--- a/api/client/inspect/inspector.go
+++ b/api/client/inspect/inspector.go
@@ -0,0 +1,119 @@
+package inspect
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"text/template"
+)
+
+// Inspector defines an interface to implement to process elements
+type Inspector interface {
+	Inspect(typedElement interface{}, rawElement []byte) error
+	Flush() error
+}
+
+// TemplateInspector uses a text template to inspect elements.
+type TemplateInspector struct {
+	outputStream io.Writer
+	buffer       *bytes.Buffer
+	tmpl         *template.Template
+}
+
+// NewTemplateInspector creates a new inspector with a template.
+func NewTemplateInspector(outputStream io.Writer, tmpl *template.Template) Inspector {
+	return &TemplateInspector{
+		outputStream: outputStream,
+		buffer:       new(bytes.Buffer),
+		tmpl:         tmpl,
+	}
+}
+
+// Inspect executes the inspect template.
+// It decodes the raw element into a map if the initial execution fails.
+// This allows docker cli to parse inspect structs injected with Swarm fields.
+func (i *TemplateInspector) Inspect(typedElement interface{}, rawElement []byte) error {
+	buffer := new(bytes.Buffer)
+	if err := i.tmpl.Execute(buffer, typedElement); err != nil {
+		if rawElement == nil {
+			return fmt.Errorf("Template parsing error: %v", err)
+		}
+		return i.tryRawInspectFallback(rawElement, err)
+	}
+	i.buffer.Write(buffer.Bytes())
+	i.buffer.WriteByte('\n')
+	return nil
+}
+
+// Flush write the result of inspecting all elements into the output stream.
+func (i *TemplateInspector) Flush() error {
+	if i.buffer.Len() == 0 {
+		_, err := io.WriteString(i.outputStream, "\n")
+		return err
+	}
+	_, err := io.Copy(i.outputStream, i.buffer)
+	return err
+}
+
+// IndentedInspector uses a buffer to stop the indented representation of an element.
+type IndentedInspector struct {
+	outputStream io.Writer
+	elements     []interface{}
+	rawElements  [][]byte
+}
+
+// NewIndentedInspector generates a new IndentedInspector.
+func NewIndentedInspector(outputStream io.Writer) Inspector {
+	return &IndentedInspector{
+		outputStream: outputStream,
+	}
+}
+
+// Inspect writes the raw element with an indented json format.
+func (i *IndentedInspector) Inspect(typedElement interface{}, rawElement []byte) error {
+	if rawElement != nil {
+		i.rawElements = append(i.rawElements, rawElement)
+	} else {
+		i.elements = append(i.elements, typedElement)
+	}
+	return nil
+}
+
+// Flush write the result of inspecting all elements into the output stream.
+func (i *IndentedInspector) Flush() error {
+	if len(i.elements) == 0 && len(i.rawElements) == 0 {
+		_, err := io.WriteString(i.outputStream, "[]\n")
+		return err
+	}
+
+	var buffer io.Reader
+	if len(i.rawElements) > 0 {
+		bytesBuffer := new(bytes.Buffer)
+		bytesBuffer.WriteString("[")
+		for idx, r := range i.rawElements {
+			bytesBuffer.Write(r)
+			if idx < len(i.rawElements)-1 {
+				bytesBuffer.WriteString(",")
+			}
+		}
+		bytesBuffer.WriteString("]")
+		indented := new(bytes.Buffer)
+		if err := json.Indent(indented, bytesBuffer.Bytes(), "", "    "); err != nil {
+			return err
+		}
+		buffer = indented
+	} else {
+		b, err := json.MarshalIndent(i.elements, "", "    ")
+		if err != nil {
+			return err
+		}
+		buffer = bytes.NewReader(b)
+	}
+
+	if _, err := io.Copy(i.outputStream, buffer); err != nil {
+		return err
+	}
+	_, err := io.WriteString(i.outputStream, "\n")
+	return err
+}
--- a/api/client/inspect/inspector_go14.go
+++ b/api/client/inspect/inspector_go14.go
@@ -0,0 +1,40 @@
+// +build !go1.5
+
+package inspect
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"strings"
+)
+
+// tryeRawInspectFallback executes the inspect template with a raw interface.
+// This allows docker cli to parse inspect structs injected with Swarm fields.
+// Unfortunately, go 1.4 doesn't fail executing invalid templates when the input is an interface.
+// It doesn't allow to modify this behavior either, sending <no value> messages to the output.
+// We assume that the template is invalid when there is a <no value>, if the template was valid
+// we'd get <nil> or "" values. In that case we fail with the original error raised executing the
+// template with the typed input.
+func (i *TemplateInspector) tryRawInspectFallback(rawElement []byte, originalErr error) error {
+	var raw interface{}
+	buffer := new(bytes.Buffer)
+	rdr := bytes.NewReader(rawElement)
+	dec := json.NewDecoder(rdr)
+
+	if rawErr := dec.Decode(&raw); rawErr != nil {
+		return fmt.Errorf("unable to read inspect data: %v", rawErr)
+	}
+
+	if rawErr := i.tmpl.Execute(buffer, raw); rawErr != nil {
+		return fmt.Errorf("Template parsing error: %v", rawErr)
+	}
+
+	if strings.Contains(buffer.String(), "<no value>") {
+		return fmt.Errorf("Template parsing error: %v", originalErr)
+	}
+
+	i.buffer.Write(buffer.Bytes())
+	i.buffer.WriteByte('\n')
+	return nil
+}
--- a/api/client/inspect/inspector_go15.go
+++ b/api/client/inspect/inspector_go15.go
@@ -0,0 +1,29 @@
+// +build go1.5
+
+package inspect
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+)
+
+func (i *TemplateInspector) tryRawInspectFallback(rawElement []byte, _ error) error {
+	var raw interface{}
+	buffer := new(bytes.Buffer)
+	rdr := bytes.NewReader(rawElement)
+	dec := json.NewDecoder(rdr)
+
+	if rawErr := dec.Decode(&raw); rawErr != nil {
+		return fmt.Errorf("unable to read inspect data: %v", rawErr)
+	}
+
+	tmplMissingKey := i.tmpl.Option("missingkey=error")
+	if rawErr := tmplMissingKey.Execute(buffer, raw); rawErr != nil {
+		return fmt.Errorf("Template parsing error: %v", rawErr)
+	}
+
+	i.buffer.Write(buffer.Bytes())
+	i.buffer.WriteByte('\n')
+	return nil
+}
--- a/cli/command/inspect/inspector_test.go
+++ b/cli/command/inspect/inspector_test.go
--- a/api/client/kill.go
+++ b/api/client/kill.go
@@ -0,0 +1,35 @@
+package client
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdKill kills one or more running container using SIGKILL or a specified signal.
+//
+// Usage: docker kill [OPTIONS] CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdKill(args ...string) error {
+	cmd := Cli.Subcmd("kill", []string{"CONTAINER [CONTAINER...]"}, Cli.DockerCommands["kill"].Description, true)
+	signal := cmd.String([]string{"s", "-signal"}, "KILL", "Signal to send to the container")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var errs []string
+	for _, name := range cmd.Args() {
+		if err := cli.client.ContainerKill(context.Background(), name, *signal); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/load.go
+++ b/api/client/load.go
@@ -0,0 +1,50 @@
+package client
+
+import (
+	"io"
+	"os"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/jsonmessage"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdLoad loads an image from a tar archive.
+//
+// The tar archive is read from STDIN by default, or from a tar archive file.
+//
+// Usage: docker load [OPTIONS]
+func (cli *DockerCli) CmdLoad(args ...string) error {
+	cmd := Cli.Subcmd("load", nil, Cli.DockerCommands["load"].Description, true)
+	infile := cmd.String([]string{"i", "-input"}, "", "Read from a tar archive file, instead of STDIN")
+	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Suppress the load output")
+	cmd.Require(flag.Exact, 0)
+	cmd.ParseFlags(args, true)
+
+	var input io.Reader = cli.in
+	if *infile != "" {
+		file, err := os.Open(*infile)
+		if err != nil {
+			return err
+		}
+		defer file.Close()
+		input = file
+	}
+	if !cli.isTerminalOut {
+		*quiet = true
+	}
+	response, err := cli.client.ImageLoad(context.Background(), input, *quiet)
+	if err != nil {
+		return err
+	}
+	defer response.Body.Close()
+
+	if response.Body != nil && response.JSON {
+		return jsonmessage.DisplayJSONMessagesStream(response.Body, cli.out, cli.outFd, cli.isTerminalOut, nil)
+	}
+
+	_, err = io.Copy(cli.out, response.Body)
+	return err
+}
--- a/api/client/login.go
+++ b/api/client/login.go
@@ -0,0 +1,177 @@
+package client
+
+import (
+	"bufio"
+	"fmt"
+	"io"
+	"os"
+	"runtime"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/cliconfig/credentials"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/engine-api/types"
+)
+
+// CmdLogin logs in a user to a Docker registry service.
+//
+// If no server is specified, the user will be logged into or registered to the registry's index server.
+//
+// Usage: docker login SERVER
+func (cli *DockerCli) CmdLogin(args ...string) error {
+	cmd := Cli.Subcmd("login", []string{"[SERVER]"}, Cli.DockerCommands["login"].Description+".\nIf no server is specified, the default is defined by the daemon.", true)
+	cmd.Require(flag.Max, 1)
+
+	flUser := cmd.String([]string{"u", "-username"}, "", "Username")
+	flPassword := cmd.String([]string{"p", "-password"}, "", "Password")
+
+	// Deprecated in 1.11: Should be removed in docker 1.13
+	cmd.String([]string{"#e", "#-email"}, "", "Email")
+
+	cmd.ParseFlags(args, true)
+
+	// On Windows, force the use of the regular OS stdin stream. Fixes #14336/#14210
+	if runtime.GOOS == "windows" {
+		cli.in = os.Stdin
+	}
+
+	var serverAddress string
+	var isDefaultRegistry bool
+	if len(cmd.Args()) > 0 {
+		serverAddress = cmd.Arg(0)
+	} else {
+		serverAddress = cli.electAuthServer()
+		isDefaultRegistry = true
+	}
+
+	authConfig, err := cli.configureAuth(*flUser, *flPassword, serverAddress, isDefaultRegistry)
+	if err != nil {
+		return err
+	}
+
+	response, err := cli.client.RegistryLogin(context.Background(), authConfig)
+	if err != nil {
+		return err
+	}
+
+	if response.IdentityToken != "" {
+		authConfig.Password = ""
+		authConfig.IdentityToken = response.IdentityToken
+	}
+	if err := storeCredentials(cli.configFile, authConfig); err != nil {
+		return fmt.Errorf("Error saving credentials: %v", err)
+	}
+
+	if response.Status != "" {
+		fmt.Fprintln(cli.out, response.Status)
+	}
+	return nil
+}
+
+func (cli *DockerCli) promptWithDefault(prompt string, configDefault string) {
+	if configDefault == "" {
+		fmt.Fprintf(cli.out, "%s: ", prompt)
+	} else {
+		fmt.Fprintf(cli.out, "%s (%s): ", prompt, configDefault)
+	}
+}
+
+func (cli *DockerCli) configureAuth(flUser, flPassword, serverAddress string, isDefaultRegistry bool) (types.AuthConfig, error) {
+	authconfig, err := getCredentials(cli.configFile, serverAddress)
+	if err != nil {
+		return authconfig, err
+	}
+
+	authconfig.Username = strings.TrimSpace(authconfig.Username)
+
+	if flUser = strings.TrimSpace(flUser); flUser == "" {
+		if isDefaultRegistry {
+			// if this is a defauly registry (docker hub), then display the following message.
+			fmt.Fprintln(cli.out, "Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.")
+		}
+		cli.promptWithDefault("Username", authconfig.Username)
+		flUser = readInput(cli.in, cli.out)
+		flUser = strings.TrimSpace(flUser)
+		if flUser == "" {
+			flUser = authconfig.Username
+		}
+	}
+
+	if flUser == "" {
+		return authconfig, fmt.Errorf("Error: Non-null Username Required")
+	}
+
+	if flPassword == "" {
+		oldState, err := term.SaveState(cli.inFd)
+		if err != nil {
+			return authconfig, err
+		}
+		fmt.Fprintf(cli.out, "Password: ")
+		term.DisableEcho(cli.inFd, oldState)
+
+		flPassword = readInput(cli.in, cli.out)
+		fmt.Fprint(cli.out, "\n")
+
+		term.RestoreTerminal(cli.inFd, oldState)
+		if flPassword == "" {
+			return authconfig, fmt.Errorf("Error: Password Required")
+		}
+	}
+
+	authconfig.Username = flUser
+	authconfig.Password = flPassword
+	authconfig.ServerAddress = serverAddress
+	authconfig.IdentityToken = ""
+
+	return authconfig, nil
+}
+
+func readInput(in io.Reader, out io.Writer) string {
+	reader := bufio.NewReader(in)
+	line, _, err := reader.ReadLine()
+	if err != nil {
+		fmt.Fprintln(out, err.Error())
+		os.Exit(1)
+	}
+	return string(line)
+}
+
+// getCredentials loads the user credentials from a credentials store.
+// The store is determined by the config file settings.
+func getCredentials(c *cliconfig.ConfigFile, serverAddress string) (types.AuthConfig, error) {
+	s := loadCredentialsStore(c)
+	return s.Get(serverAddress)
+}
+
+func getAllCredentials(c *cliconfig.ConfigFile) (map[string]types.AuthConfig, error) {
+	s := loadCredentialsStore(c)
+	return s.GetAll()
+}
+
+// storeCredentials saves the user credentials in a credentials store.
+// The store is determined by the config file settings.
+func storeCredentials(c *cliconfig.ConfigFile, auth types.AuthConfig) error {
+	s := loadCredentialsStore(c)
+	return s.Store(auth)
+}
+
+// eraseCredentials removes the user credentials from a credentials store.
+// The store is determined by the config file settings.
+func eraseCredentials(c *cliconfig.ConfigFile, serverAddress string) error {
+	s := loadCredentialsStore(c)
+	return s.Erase(serverAddress)
+}
+
+// loadCredentialsStore initializes a new credentials store based
+// in the settings provided in the configuration file.
+func loadCredentialsStore(c *cliconfig.ConfigFile) credentials.Store {
+	if c.CredentialsStore != "" {
+		return credentials.NewNativeStore(c)
+	}
+	return credentials.NewFileStore(c)
+}
--- a/api/client/logout.go
+++ b/api/client/logout.go
@@ -0,0 +1,41 @@
+package client
+
+import (
+	"fmt"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdLogout logs a user out from a Docker registry.
+//
+// If no server is specified, the user will be logged out from the registry's index server.
+//
+// Usage: docker logout [SERVER]
+func (cli *DockerCli) CmdLogout(args ...string) error {
+	cmd := Cli.Subcmd("logout", []string{"[SERVER]"}, Cli.DockerCommands["logout"].Description+".\nIf no server is specified, the default is defined by the daemon.", true)
+	cmd.Require(flag.Max, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var serverAddress string
+	if len(cmd.Args()) > 0 {
+		serverAddress = cmd.Arg(0)
+	} else {
+		serverAddress = cli.electAuthServer()
+	}
+
+	// check if we're logged in based on the records in the config file
+	// which means it couldn't have user/pass cause they may be in the creds store
+	if _, ok := cli.configFile.AuthConfigs[serverAddress]; !ok {
+		fmt.Fprintf(cli.out, "Not logged in to %s\n", serverAddress)
+		return nil
+	}
+
+	fmt.Fprintf(cli.out, "Remove login credentials for %s\n", serverAddress)
+	if err := eraseCredentials(cli.configFile, serverAddress); err != nil {
+		fmt.Fprintf(cli.out, "WARNING: could not erase credentials: %v\n", err)
+	}
+
+	return nil
+}
--- a/api/client/logs.go
+++ b/api/client/logs.go
@@ -0,0 +1,65 @@
+package client
+
+import (
+	"fmt"
+	"io"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/stdcopy"
+	"github.com/docker/engine-api/types"
+)
+
+var validDrivers = map[string]bool{
+	"json-file": true,
+	"journald":  true,
+}
+
+// CmdLogs fetches the logs of a given container.
+//
+// docker logs [OPTIONS] CONTAINER
+func (cli *DockerCli) CmdLogs(args ...string) error {
+	cmd := Cli.Subcmd("logs", []string{"CONTAINER"}, Cli.DockerCommands["logs"].Description, true)
+	follow := cmd.Bool([]string{"f", "-follow"}, false, "Follow log output")
+	since := cmd.String([]string{"-since"}, "", "Show logs since timestamp")
+	times := cmd.Bool([]string{"t", "-timestamps"}, false, "Show timestamps")
+	tail := cmd.String([]string{"-tail"}, "all", "Number of lines to show from the end of the logs")
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+
+	name := cmd.Arg(0)
+
+	c, err := cli.client.ContainerInspect(context.Background(), name)
+	if err != nil {
+		return err
+	}
+
+	if !validDrivers[c.HostConfig.LogConfig.Type] {
+		return fmt.Errorf("\"logs\" command is supported only for \"json-file\" and \"journald\" logging drivers (got: %s)", c.HostConfig.LogConfig.Type)
+	}
+
+	options := types.ContainerLogsOptions{
+		ContainerID: name,
+		ShowStdout:  true,
+		ShowStderr:  true,
+		Since:       *since,
+		Timestamps:  *times,
+		Follow:      *follow,
+		Tail:        *tail,
+	}
+	responseBody, err := cli.client.ContainerLogs(context.Background(), options)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	if c.Config.Tty {
+		_, err = io.Copy(cli.out, responseBody)
+	} else {
+		_, err = stdcopy.StdCopy(cli.out, cli.err, responseBody)
+	}
+	return err
+}
--- a/api/client/network.go
+++ b/api/client/network.go
@@ -0,0 +1,392 @@
+package client
+
+import (
+	"fmt"
+	"net"
+	"sort"
+	"strings"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/stringid"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/filters"
+	"github.com/docker/engine-api/types/network"
+)
+
+// CmdNetwork is the parent subcommand for all network commands
+//
+// Usage: docker network <COMMAND> [OPTIONS]
+func (cli *DockerCli) CmdNetwork(args ...string) error {
+	cmd := Cli.Subcmd("network", []string{"COMMAND [OPTIONS]"}, networkUsage(), false)
+	cmd.Require(flag.Min, 1)
+	err := cmd.ParseFlags(args, true)
+	cmd.Usage()
+	return err
+}
+
+// CmdNetworkCreate creates a new network with a given name
+//
+// Usage: docker network create [OPTIONS] <NETWORK-NAME>
+func (cli *DockerCli) CmdNetworkCreate(args ...string) error {
+	cmd := Cli.Subcmd("network create", []string{"NETWORK-NAME"}, "Creates a new network with a name specified by the user", false)
+	flDriver := cmd.String([]string{"d", "-driver"}, "bridge", "Driver to manage the Network")
+	flOpts := opts.NewMapOpts(nil, nil)
+
+	flIpamDriver := cmd.String([]string{"-ipam-driver"}, "default", "IP Address Management Driver")
+	flIpamSubnet := opts.NewListOpts(nil)
+	flIpamIPRange := opts.NewListOpts(nil)
+	flIpamGateway := opts.NewListOpts(nil)
+	flIpamAux := opts.NewMapOpts(nil, nil)
+	flIpamOpt := opts.NewMapOpts(nil, nil)
+	flLabels := opts.NewListOpts(nil)
+
+	cmd.Var(&flIpamSubnet, []string{"-subnet"}, "subnet in CIDR format that represents a network segment")
+	cmd.Var(&flIpamIPRange, []string{"-ip-range"}, "allocate container ip from a sub-range")
+	cmd.Var(&flIpamGateway, []string{"-gateway"}, "ipv4 or ipv6 Gateway for the master subnet")
+	cmd.Var(flIpamAux, []string{"-aux-address"}, "auxiliary ipv4 or ipv6 addresses used by Network driver")
+	cmd.Var(flOpts, []string{"o", "-opt"}, "set driver specific options")
+	cmd.Var(flIpamOpt, []string{"-ipam-opt"}, "set IPAM driver specific options")
+	cmd.Var(&flLabels, []string{"-label"}, "set metadata on a network")
+
+	flInternal := cmd.Bool([]string{"-internal"}, false, "restricts external access to the network")
+	flIPv6 := cmd.Bool([]string{"-ipv6"}, false, "enable IPv6 networking")
+
+	cmd.Require(flag.Exact, 1)
+	err := cmd.ParseFlags(args, true)
+	if err != nil {
+		return err
+	}
+
+	// Set the default driver to "" if the user didn't set the value.
+	// That way we can know whether it was user input or not.
+	driver := *flDriver
+	if !cmd.IsSet("-driver") && !cmd.IsSet("d") {
+		driver = ""
+	}
+
+	ipamCfg, err := consolidateIpam(flIpamSubnet.GetAll(), flIpamIPRange.GetAll(), flIpamGateway.GetAll(), flIpamAux.GetAll())
+	if err != nil {
+		return err
+	}
+
+	// Construct network create request body
+	nc := types.NetworkCreate{
+		Name:           cmd.Arg(0),
+		Driver:         driver,
+		IPAM:           network.IPAM{Driver: *flIpamDriver, Config: ipamCfg, Options: flIpamOpt.GetAll()},
+		Options:        flOpts.GetAll(),
+		CheckDuplicate: true,
+		Internal:       *flInternal,
+		EnableIPv6:     *flIPv6,
+		Labels:         runconfigopts.ConvertKVStringsToMap(flLabels.GetAll()),
+	}
+
+	resp, err := cli.client.NetworkCreate(context.Background(), nc)
+	if err != nil {
+		return err
+	}
+	fmt.Fprintf(cli.out, "%s\n", resp.ID)
+	return nil
+}
+
+// CmdNetworkRm deletes one or more networks
+//
+// Usage: docker network rm NETWORK-NAME|NETWORK-ID [NETWORK-NAME|NETWORK-ID...]
+func (cli *DockerCli) CmdNetworkRm(args ...string) error {
+	cmd := Cli.Subcmd("network rm", []string{"NETWORK [NETWORK...]"}, "Deletes one or more networks", false)
+	cmd.Require(flag.Min, 1)
+	if err := cmd.ParseFlags(args, true); err != nil {
+		return err
+	}
+
+	status := 0
+	for _, net := range cmd.Args() {
+		if err := cli.client.NetworkRemove(context.Background(), net); err != nil {
+			fmt.Fprintf(cli.err, "%s\n", err)
+			status = 1
+			continue
+		}
+	}
+	if status != 0 {
+		return Cli.StatusError{StatusCode: status}
+	}
+	return nil
+}
+
+// CmdNetworkConnect connects a container to a network
+//
+// Usage: docker network connect [OPTIONS] <NETWORK> <CONTAINER>
+func (cli *DockerCli) CmdNetworkConnect(args ...string) error {
+	cmd := Cli.Subcmd("network connect", []string{"NETWORK CONTAINER"}, "Connects a container to a network", false)
+	flIPAddress := cmd.String([]string{"-ip"}, "", "IP Address")
+	flIPv6Address := cmd.String([]string{"-ip6"}, "", "IPv6 Address")
+	flLinks := opts.NewListOpts(runconfigopts.ValidateLink)
+	cmd.Var(&flLinks, []string{"-link"}, "Add link to another container")
+	flAliases := opts.NewListOpts(nil)
+	cmd.Var(&flAliases, []string{"-alias"}, "Add network-scoped alias for the container")
+	cmd.Require(flag.Min, 2)
+	if err := cmd.ParseFlags(args, true); err != nil {
+		return err
+	}
+	epConfig := &network.EndpointSettings{
+		IPAMConfig: &network.EndpointIPAMConfig{
+			IPv4Address: *flIPAddress,
+			IPv6Address: *flIPv6Address,
+		},
+		Links:   flLinks.GetAll(),
+		Aliases: flAliases.GetAll(),
+	}
+	return cli.client.NetworkConnect(context.Background(), cmd.Arg(0), cmd.Arg(1), epConfig)
+}
+
+// CmdNetworkDisconnect disconnects a container from a network
+//
+// Usage: docker network disconnect <NETWORK> <CONTAINER>
+func (cli *DockerCli) CmdNetworkDisconnect(args ...string) error {
+	cmd := Cli.Subcmd("network disconnect", []string{"NETWORK CONTAINER"}, "Disconnects container from a network", false)
+	force := cmd.Bool([]string{"f", "-force"}, false, "Force the container to disconnect from a network")
+	cmd.Require(flag.Exact, 2)
+	if err := cmd.ParseFlags(args, true); err != nil {
+		return err
+	}
+
+	return cli.client.NetworkDisconnect(context.Background(), cmd.Arg(0), cmd.Arg(1), *force)
+}
+
+// CmdNetworkLs lists all the networks managed by docker daemon
+//
+// Usage: docker network ls [OPTIONS]
+func (cli *DockerCli) CmdNetworkLs(args ...string) error {
+	cmd := Cli.Subcmd("network ls", nil, "Lists networks", true)
+	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Only display numeric IDs")
+	noTrunc := cmd.Bool([]string{"-no-trunc"}, false, "Do not truncate the output")
+
+	flFilter := opts.NewListOpts(nil)
+	cmd.Var(&flFilter, []string{"f", "-filter"}, "Filter output based on conditions provided")
+
+	cmd.Require(flag.Exact, 0)
+	err := cmd.ParseFlags(args, true)
+	if err != nil {
+		return err
+	}
+
+	// Consolidate all filter flags, and sanity check them early.
+	// They'll get process after get response from server.
+	netFilterArgs := filters.NewArgs()
+	for _, f := range flFilter.GetAll() {
+		if netFilterArgs, err = filters.ParseFlag(f, netFilterArgs); err != nil {
+			return err
+		}
+	}
+
+	options := types.NetworkListOptions{
+		Filters: netFilterArgs,
+	}
+
+	networkResources, err := cli.client.NetworkList(context.Background(), options)
+	if err != nil {
+		return err
+	}
+
+	wr := tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
+
+	// unless quiet (-q) is specified, print field titles
+	if !*quiet {
+		fmt.Fprintln(wr, "NETWORK ID\tNAME\tDRIVER")
+	}
+	sort.Sort(byNetworkName(networkResources))
+	for _, networkResource := range networkResources {
+		ID := networkResource.ID
+		netName := networkResource.Name
+		if !*noTrunc {
+			ID = stringid.TruncateID(ID)
+		}
+		if *quiet {
+			fmt.Fprintln(wr, ID)
+			continue
+		}
+		driver := networkResource.Driver
+		fmt.Fprintf(wr, "%s\t%s\t%s\t",
+			ID,
+			netName,
+			driver)
+		fmt.Fprint(wr, "\n")
+	}
+	wr.Flush()
+	return nil
+}
+
+type byNetworkName []types.NetworkResource
+
+func (r byNetworkName) Len() int           { return len(r) }
+func (r byNetworkName) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
+func (r byNetworkName) Less(i, j int) bool { return r[i].Name < r[j].Name }
+
+// CmdNetworkInspect inspects the network object for more details
+//
+// Usage: docker network inspect [OPTIONS] <NETWORK> [NETWORK...]
+func (cli *DockerCli) CmdNetworkInspect(args ...string) error {
+	cmd := Cli.Subcmd("network inspect", []string{"NETWORK [NETWORK...]"}, "Displays detailed information on one or more networks", false)
+	tmplStr := cmd.String([]string{"f", "-format"}, "", "Format the output using the given go template")
+	cmd.Require(flag.Min, 1)
+
+	if err := cmd.ParseFlags(args, true); err != nil {
+		return err
+	}
+
+	inspectSearcher := func(name string) (interface{}, []byte, error) {
+		i, err := cli.client.NetworkInspect(context.Background(), name)
+		return i, nil, err
+	}
+
+	return cli.inspectElements(*tmplStr, cmd.Args(), inspectSearcher)
+}
+
+// Consolidates the ipam configuration as a group from different related configurations
+// user can configure network with multiple non-overlapping subnets and hence it is
+// possible to correlate the various related parameters and consolidate them.
+// consoidateIpam consolidates subnets, ip-ranges, gateways and auxiliary addresses into
+// structured ipam data.
+func consolidateIpam(subnets, ranges, gateways []string, auxaddrs map[string]string) ([]network.IPAMConfig, error) {
+	if len(subnets) < len(ranges) || len(subnets) < len(gateways) {
+		return nil, fmt.Errorf("every ip-range or gateway must have a corresponding subnet")
+	}
+	iData := map[string]*network.IPAMConfig{}
+
+	// Populate non-overlapping subnets into consolidation map
+	for _, s := range subnets {
+		for k := range iData {
+			ok1, err := subnetMatches(s, k)
+			if err != nil {
+				return nil, err
+			}
+			ok2, err := subnetMatches(k, s)
+			if err != nil {
+				return nil, err
+			}
+			if ok1 || ok2 {
+				return nil, fmt.Errorf("multiple overlapping subnet configuration is not supported")
+			}
+		}
+		iData[s] = &network.IPAMConfig{Subnet: s, AuxAddress: map[string]string{}}
+	}
+
+	// Validate and add valid ip ranges
+	for _, r := range ranges {
+		match := false
+		for _, s := range subnets {
+			ok, err := subnetMatches(s, r)
+			if err != nil {
+				return nil, err
+			}
+			if !ok {
+				continue
+			}
+			if iData[s].IPRange != "" {
+				return nil, fmt.Errorf("cannot configure multiple ranges (%s, %s) on the same subnet (%s)", r, iData[s].IPRange, s)
+			}
+			d := iData[s]
+			d.IPRange = r
+			match = true
+		}
+		if !match {
+			return nil, fmt.Errorf("no matching subnet for range %s", r)
+		}
+	}
+
+	// Validate and add valid gateways
+	for _, g := range gateways {
+		match := false
+		for _, s := range subnets {
+			ok, err := subnetMatches(s, g)
+			if err != nil {
+				return nil, err
+			}
+			if !ok {
+				continue
+			}
+			if iData[s].Gateway != "" {
+				return nil, fmt.Errorf("cannot configure multiple gateways (%s, %s) for the same subnet (%s)", g, iData[s].Gateway, s)
+			}
+			d := iData[s]
+			d.Gateway = g
+			match = true
+		}
+		if !match {
+			return nil, fmt.Errorf("no matching subnet for gateway %s", g)
+		}
+	}
+
+	// Validate and add aux-addresses
+	for key, aa := range auxaddrs {
+		match := false
+		for _, s := range subnets {
+			ok, err := subnetMatches(s, aa)
+			if err != nil {
+				return nil, err
+			}
+			if !ok {
+				continue
+			}
+			iData[s].AuxAddress[key] = aa
+			match = true
+		}
+		if !match {
+			return nil, fmt.Errorf("no matching subnet for aux-address %s", aa)
+		}
+	}
+
+	idl := []network.IPAMConfig{}
+	for _, v := range iData {
+		idl = append(idl, *v)
+	}
+	return idl, nil
+}
+
+func subnetMatches(subnet, data string) (bool, error) {
+	var (
+		ip net.IP
+	)
+
+	_, s, err := net.ParseCIDR(subnet)
+	if err != nil {
+		return false, fmt.Errorf("Invalid subnet %s : %v", s, err)
+	}
+
+	if strings.Contains(data, "/") {
+		ip, _, err = net.ParseCIDR(data)
+		if err != nil {
+			return false, fmt.Errorf("Invalid cidr %s : %v", data, err)
+		}
+	} else {
+		ip = net.ParseIP(data)
+	}
+
+	return s.Contains(ip), nil
+}
+
+func networkUsage() string {
+	networkCommands := map[string]string{
+		"create":     "Create a network",
+		"connect":    "Connect container to a network",
+		"disconnect": "Disconnect container from a network",
+		"inspect":    "Display detailed network information",
+		"ls":         "List all networks",
+		"rm":         "Remove a network",
+	}
+
+	help := "Commands:\n"
+
+	for cmd, description := range networkCommands {
+		help += fmt.Sprintf("  %-25.25s%s\n", cmd, description)
+	}
+
+	help += fmt.Sprintf("\nRun 'docker network COMMAND --help' for more information on a command.")
+	return help
+}
--- a/api/client/pause.go
+++ b/api/client/pause.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdPause pauses all processes within one or more containers.
+//
+// Usage: docker pause CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdPause(args ...string) error {
+	cmd := Cli.Subcmd("pause", []string{"CONTAINER [CONTAINER...]"}, Cli.DockerCommands["pause"].Description, true)
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var errs []string
+	for _, name := range cmd.Args() {
+		if err := cli.client.ContainerPause(context.Background(), name); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/port.go
+++ b/api/client/port.go
@@ -0,0 +1,61 @@
+package client
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/go-connections/nat"
+)
+
+// CmdPort lists port mappings for a container.
+// If a private port is specified, it also shows the public-facing port that is NATed to the private port.
+//
+// Usage: docker port CONTAINER [PRIVATE_PORT[/PROTO]]
+func (cli *DockerCli) CmdPort(args ...string) error {
+	cmd := Cli.Subcmd("port", []string{"CONTAINER [PRIVATE_PORT[/PROTO]]"}, Cli.DockerCommands["port"].Description, true)
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	c, err := cli.client.ContainerInspect(context.Background(), cmd.Arg(0))
+	if err != nil {
+		return err
+	}
+
+	if cmd.NArg() == 2 {
+		var (
+			port  = cmd.Arg(1)
+			proto = "tcp"
+			parts = strings.SplitN(port, "/", 2)
+		)
+
+		if len(parts) == 2 && len(parts[1]) != 0 {
+			port = parts[0]
+			proto = parts[1]
+		}
+		natPort := port + "/" + proto
+		newP, err := nat.NewPort(proto, port)
+		if err != nil {
+			return err
+		}
+		if frontends, exists := c.NetworkSettings.Ports[newP]; exists && frontends != nil {
+			for _, frontend := range frontends {
+				fmt.Fprintf(cli.out, "%s:%s\n", frontend.HostIP, frontend.HostPort)
+			}
+			return nil
+		}
+		return fmt.Errorf("Error: No public port '%s' published for %s", natPort, cmd.Arg(0))
+	}
+
+	for from, frontends := range c.NetworkSettings.Ports {
+		for _, frontend := range frontends {
+			fmt.Fprintf(cli.out, "%s -> %s:%s\n", from, frontend.HostIP, frontend.HostPort)
+		}
+	}
+
+	return nil
+}
--- a/api/client/ps.go
+++ b/api/client/ps.go
@@ -0,0 +1,89 @@
+package client
+
+import (
+	"golang.org/x/net/context"
+
+	"github.com/docker/docker/api/client/formatter"
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/filters"
+)
+
+// CmdPs outputs a list of Docker containers.
+//
+// Usage: docker ps [OPTIONS]
+func (cli *DockerCli) CmdPs(args ...string) error {
+	var (
+		err error
+
+		psFilterArgs = filters.NewArgs()
+
+		cmd      = Cli.Subcmd("ps", nil, Cli.DockerCommands["ps"].Description, true)
+		quiet    = cmd.Bool([]string{"q", "-quiet"}, false, "Only display numeric IDs")
+		size     = cmd.Bool([]string{"s", "-size"}, false, "Display total file sizes")
+		all      = cmd.Bool([]string{"a", "-all"}, false, "Show all containers (default shows just running)")
+		noTrunc  = cmd.Bool([]string{"-no-trunc"}, false, "Don't truncate output")
+		nLatest  = cmd.Bool([]string{"l", "-latest"}, false, "Show the latest created container (includes all states)")
+		since    = cmd.String([]string{"#-since"}, "", "Show containers created since Id or Name (includes all states)")
+		before   = cmd.String([]string{"#-before"}, "", "Only show containers created before Id or Name")
+		last     = cmd.Int([]string{"n"}, -1, "Show n last created containers (includes all states)")
+		format   = cmd.String([]string{"-format"}, "", "Pretty-print containers using a Go template")
+		flFilter = opts.NewListOpts(nil)
+	)
+	cmd.Require(flag.Exact, 0)
+
+	cmd.Var(&flFilter, []string{"f", "-filter"}, "Filter output based on conditions provided")
+
+	cmd.ParseFlags(args, true)
+	if *last == -1 && *nLatest {
+		*last = 1
+	}
+
+	// Consolidate all filter flags, and sanity check them.
+	// They'll get processed in the daemon/server.
+	for _, f := range flFilter.GetAll() {
+		if psFilterArgs, err = filters.ParseFlag(f, psFilterArgs); err != nil {
+			return err
+		}
+	}
+
+	options := types.ContainerListOptions{
+		All:    *all,
+		Limit:  *last,
+		Since:  *since,
+		Before: *before,
+		Size:   *size,
+		Filter: psFilterArgs,
+	}
+
+	containers, err := cli.client.ContainerList(context.Background(), options)
+	if err != nil {
+		return err
+	}
+
+	f := *format
+	if len(f) == 0 {
+		if len(cli.PsFormat()) > 0 && !*quiet {
+			f = cli.PsFormat()
+		} else {
+			f = "table"
+		}
+	}
+
+	psCtx := formatter.ContainerContext{
+		Context: formatter.Context{
+			Output: cli.out,
+			Format: f,
+			Quiet:  *quiet,
+			Trunc:  !*noTrunc,
+		},
+		Size:       *size,
+		Containers: containers,
+	}
+
+	psCtx.Write()
+
+	return nil
+}
--- a/api/client/pull.go
+++ b/api/client/pull.go
@@ -0,0 +1,89 @@
+package client
+
+import (
+	"errors"
+	"fmt"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/jsonmessage"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/docker/engine-api/client"
+	"github.com/docker/engine-api/types"
+)
+
+// CmdPull pulls an image or a repository from the registry.
+//
+// Usage: docker pull [OPTIONS] IMAGENAME[:TAG|@DIGEST]
+func (cli *DockerCli) CmdPull(args ...string) error {
+	cmd := Cli.Subcmd("pull", []string{"NAME[:TAG|@DIGEST]"}, Cli.DockerCommands["pull"].Description, true)
+	allTags := cmd.Bool([]string{"a", "-all-tags"}, false, "Download all tagged images in the repository")
+	addTrustedFlags(cmd, true)
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+	remote := cmd.Arg(0)
+
+	distributionRef, err := reference.ParseNamed(remote)
+	if err != nil {
+		return err
+	}
+	if *allTags && !reference.IsNameOnly(distributionRef) {
+		return errors.New("tag can't be used with --all-tags/-a")
+	}
+
+	if !*allTags && reference.IsNameOnly(distributionRef) {
+		distributionRef = reference.WithDefaultTag(distributionRef)
+		fmt.Fprintf(cli.out, "Using default tag: %s\n", reference.DefaultTag)
+	}
+
+	var tag string
+	switch x := distributionRef.(type) {
+	case reference.Canonical:
+		tag = x.Digest().String()
+	case reference.NamedTagged:
+		tag = x.Tag()
+	}
+
+	ref := registry.ParseReference(tag)
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(distributionRef)
+	if err != nil {
+		return err
+	}
+
+	authConfig := cli.resolveAuthConfig(repoInfo.Index)
+	requestPrivilege := cli.registryAuthenticationPrivilegedFunc(repoInfo.Index, "pull")
+
+	if isTrusted() && !ref.HasDigest() {
+		// Check if tag is digest
+		return cli.trustedPull(repoInfo, ref, authConfig, requestPrivilege)
+	}
+
+	return cli.imagePullPrivileged(authConfig, distributionRef.String(), "", requestPrivilege)
+}
+
+func (cli *DockerCli) imagePullPrivileged(authConfig types.AuthConfig, imageID, tag string, requestPrivilege client.RequestPrivilegeFunc) error {
+
+	encodedAuth, err := encodeAuthToBase64(authConfig)
+	if err != nil {
+		return err
+	}
+	options := types.ImagePullOptions{
+		ImageID:      imageID,
+		Tag:          tag,
+		RegistryAuth: encodedAuth,
+	}
+
+	responseBody, err := cli.client.ImagePull(context.Background(), options, requestPrivilege)
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	return jsonmessage.DisplayJSONMessagesStream(responseBody, cli.out, cli.outFd, cli.isTerminalOut, nil)
+}
--- a/api/client/push.go
+++ b/api/client/push.go
@@ -0,0 +1,76 @@
+package client
+
+import (
+	"errors"
+	"io"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/pkg/jsonmessage"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	"github.com/docker/engine-api/client"
+	"github.com/docker/engine-api/types"
+)
+
+// CmdPush pushes an image or repository to the registry.
+//
+// Usage: docker push NAME[:TAG]
+func (cli *DockerCli) CmdPush(args ...string) error {
+	cmd := Cli.Subcmd("push", []string{"NAME[:TAG]"}, Cli.DockerCommands["push"].Description, true)
+	addTrustedFlags(cmd, false)
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+
+	ref, err := reference.ParseNamed(cmd.Arg(0))
+	if err != nil {
+		return err
+	}
+
+	var tag string
+	switch x := ref.(type) {
+	case reference.Canonical:
+		return errors.New("cannot push a digest reference")
+	case reference.NamedTagged:
+		tag = x.Tag()
+	}
+
+	// Resolve the Repository name from fqn to RepositoryInfo
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
+	if err != nil {
+		return err
+	}
+	// Resolve the Auth config relevant for this server
+	authConfig := cli.resolveAuthConfig(repoInfo.Index)
+
+	requestPrivilege := cli.registryAuthenticationPrivilegedFunc(repoInfo.Index, "push")
+	if isTrusted() {
+		return cli.trustedPush(repoInfo, tag, authConfig, requestPrivilege)
+	}
+
+	responseBody, err := cli.imagePushPrivileged(authConfig, ref.Name(), tag, requestPrivilege)
+	if err != nil {
+		return err
+	}
+
+	defer responseBody.Close()
+
+	return jsonmessage.DisplayJSONMessagesStream(responseBody, cli.out, cli.outFd, cli.isTerminalOut, nil)
+}
+
+func (cli *DockerCli) imagePushPrivileged(authConfig types.AuthConfig, imageID, tag string, requestPrivilege client.RequestPrivilegeFunc) (io.ReadCloser, error) {
+	encodedAuth, err := encodeAuthToBase64(authConfig)
+	if err != nil {
+		return nil, err
+	}
+	options := types.ImagePushOptions{
+		ImageID:      imageID,
+		Tag:          tag,
+		RegistryAuth: encodedAuth,
+	}
+
+	return cli.client.ImagePush(context.Background(), options, requestPrivilege)
+}
--- a/api/client/rename.go
+++ b/api/client/rename.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdRename renames a container.
+//
+// Usage: docker rename OLD_NAME NEW_NAME
+func (cli *DockerCli) CmdRename(args ...string) error {
+	cmd := Cli.Subcmd("rename", []string{"OLD_NAME NEW_NAME"}, Cli.DockerCommands["rename"].Description, true)
+	cmd.Require(flag.Exact, 2)
+
+	cmd.ParseFlags(args, true)
+
+	oldName := strings.TrimSpace(cmd.Arg(0))
+	newName := strings.TrimSpace(cmd.Arg(1))
+
+	if oldName == "" || newName == "" {
+		return fmt.Errorf("Error: Neither old nor new names may be empty")
+	}
+
+	if err := cli.client.ContainerRename(context.Background(), oldName, newName); err != nil {
+		fmt.Fprintf(cli.err, "%s\n", err)
+		return fmt.Errorf("Error: failed to rename container named %s", oldName)
+	}
+	return nil
+}
--- a/api/client/restart.go
+++ b/api/client/restart.go
@@ -0,0 +1,35 @@
+package client
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdRestart restarts one or more containers.
+//
+// Usage: docker restart [OPTIONS] CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdRestart(args ...string) error {
+	cmd := Cli.Subcmd("restart", []string{"CONTAINER [CONTAINER...]"}, Cli.DockerCommands["restart"].Description, true)
+	nSeconds := cmd.Int([]string{"t", "-time"}, 10, "Seconds to wait for stop before killing the container")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var errs []string
+	for _, name := range cmd.Args() {
+		if err := cli.client.ContainerRestart(context.Background(), name, *nSeconds); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/rm.go
+++ b/api/client/rm.go
@@ -0,0 +1,56 @@
+package client
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/engine-api/types"
+)
+
+// CmdRm removes one or more containers.
+//
+// Usage: docker rm [OPTIONS] CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdRm(args ...string) error {
+	cmd := Cli.Subcmd("rm", []string{"CONTAINER [CONTAINER...]"}, Cli.DockerCommands["rm"].Description, true)
+	v := cmd.Bool([]string{"v", "-volumes"}, false, "Remove the volumes associated with the container")
+	link := cmd.Bool([]string{"l", "-link"}, false, "Remove the specified link")
+	force := cmd.Bool([]string{"f", "-force"}, false, "Force the removal of a running container (uses SIGKILL)")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var errs []string
+	for _, name := range cmd.Args() {
+		if name == "" {
+			return fmt.Errorf("Container name cannot be empty")
+		}
+		name = strings.Trim(name, "/")
+
+		if err := cli.removeContainer(name, *v, *link, *force); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
+
+func (cli *DockerCli) removeContainer(containerID string, removeVolumes, removeLinks, force bool) error {
+	options := types.ContainerRemoveOptions{
+		ContainerID:   containerID,
+		RemoveVolumes: removeVolumes,
+		RemoveLinks:   removeLinks,
+		Force:         force,
+	}
+	if err := cli.client.ContainerRemove(context.Background(), options); err != nil {
+		return err
+	}
+	return nil
+}
--- a/api/client/rmi.go
+++ b/api/client/rmi.go
@@ -0,0 +1,59 @@
+package client
+
+import (
+	"fmt"
+	"net/url"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/engine-api/types"
+)
+
+// CmdRmi removes all images with the specified name(s).
+//
+// Usage: docker rmi [OPTIONS] IMAGE [IMAGE...]
+func (cli *DockerCli) CmdRmi(args ...string) error {
+	cmd := Cli.Subcmd("rmi", []string{"IMAGE [IMAGE...]"}, Cli.DockerCommands["rmi"].Description, true)
+	force := cmd.Bool([]string{"f", "-force"}, false, "Force removal of the image")
+	noprune := cmd.Bool([]string{"-no-prune"}, false, "Do not delete untagged parents")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	v := url.Values{}
+	if *force {
+		v.Set("force", "1")
+	}
+	if *noprune {
+		v.Set("noprune", "1")
+	}
+
+	var errs []string
+	for _, name := range cmd.Args() {
+		options := types.ImageRemoveOptions{
+			ImageID:       name,
+			Force:         *force,
+			PruneChildren: !*noprune,
+		}
+
+		dels, err := cli.client.ImageRemove(context.Background(), options)
+		if err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			for _, del := range dels {
+				if del.Deleted != "" {
+					fmt.Fprintf(cli.out, "Deleted: %s\n", del.Deleted)
+				} else {
+					fmt.Fprintf(cli.out, "Untagged: %s\n", del.Untagged)
+				}
+			}
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/run.go
+++ b/api/client/run.go
@@ -0,0 +1,287 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"runtime"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	"github.com/docker/docker/pkg/promise"
+	"github.com/docker/docker/pkg/signal"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/libnetwork/resolvconf/dns"
+)
+
+const (
+	errCmdNotFound          = "not found or does not exist."
+	errCmdCouldNotBeInvoked = "could not be invoked."
+)
+
+func (cid *cidFile) Close() error {
+	cid.file.Close()
+
+	if !cid.written {
+		if err := os.Remove(cid.path); err != nil {
+			return fmt.Errorf("failed to remove the CID file '%s': %s \n", cid.path, err)
+		}
+	}
+
+	return nil
+}
+
+func (cid *cidFile) Write(id string) error {
+	if _, err := cid.file.Write([]byte(id)); err != nil {
+		return fmt.Errorf("Failed to write the container ID to the file: %s", err)
+	}
+	cid.written = true
+	return nil
+}
+
+// if container start fails with 'command not found' error, return 127
+// if container start fails with 'command cannot be invoked' error, return 126
+// return 125 for generic docker daemon failures
+func runStartContainerErr(err error) error {
+	trimmedErr := strings.Trim(err.Error(), "Error response from daemon: ")
+	statusError := Cli.StatusError{StatusCode: 125}
+
+	if strings.HasPrefix(trimmedErr, "Container command") {
+		if strings.Contains(trimmedErr, errCmdNotFound) {
+			statusError = Cli.StatusError{StatusCode: 127}
+		} else if strings.Contains(trimmedErr, errCmdCouldNotBeInvoked) {
+			statusError = Cli.StatusError{StatusCode: 126}
+		}
+	}
+
+	return statusError
+}
+
+// CmdRun runs a command in a new container.
+//
+// Usage: docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
+func (cli *DockerCli) CmdRun(args ...string) error {
+	cmd := Cli.Subcmd("run", []string{"IMAGE [COMMAND] [ARG...]"}, Cli.DockerCommands["run"].Description, true)
+	addTrustedFlags(cmd, true)
+
+	// These are flags not stored in Config/HostConfig
+	var (
+		flAutoRemove = cmd.Bool([]string{"-rm"}, false, "Automatically remove the container when it exits")
+		flDetach     = cmd.Bool([]string{"d", "-detach"}, false, "Run container in background and print container ID")
+		flSigProxy   = cmd.Bool([]string{"-sig-proxy"}, true, "Proxy received signals to the process")
+		flName       = cmd.String([]string{"-name"}, "", "Assign a name to the container")
+		flDetachKeys = cmd.String([]string{"-detach-keys"}, "", "Override the key sequence for detaching a container")
+		flAttach     *opts.ListOpts
+
+		ErrConflictAttachDetach               = fmt.Errorf("Conflicting options: -a and -d")
+		ErrConflictRestartPolicyAndAutoRemove = fmt.Errorf("Conflicting options: --restart and --rm")
+		ErrConflictDetachAutoRemove           = fmt.Errorf("Conflicting options: --rm and -d")
+	)
+
+	config, hostConfig, networkingConfig, cmd, err := runconfigopts.Parse(cmd, args)
+
+	// just in case the Parse does not exit
+	if err != nil {
+		cmd.ReportError(err.Error(), true)
+		os.Exit(125)
+	}
+
+	if hostConfig.OomKillDisable != nil && *hostConfig.OomKillDisable && hostConfig.Memory == 0 {
+		fmt.Fprintf(cli.err, "WARNING: Disabling the OOM killer on containers without setting a '-m/--memory' limit may be dangerous.\n")
+	}
+
+	if len(hostConfig.DNS) > 0 {
+		// check the DNS settings passed via --dns against
+		// localhost regexp to warn if they are trying to
+		// set a DNS to a localhost address
+		for _, dnsIP := range hostConfig.DNS {
+			if dns.IsLocalhost(dnsIP) {
+				fmt.Fprintf(cli.err, "WARNING: Localhost DNS setting (--dns=%s) may fail in containers.\n", dnsIP)
+				break
+			}
+		}
+	}
+	if config.Image == "" {
+		cmd.Usage()
+		return nil
+	}
+
+	config.ArgsEscaped = false
+
+	if !*flDetach {
+		if err := cli.CheckTtyInput(config.AttachStdin, config.Tty); err != nil {
+			return err
+		}
+	} else {
+		if fl := cmd.Lookup("-attach"); fl != nil {
+			flAttach = fl.Value.(*opts.ListOpts)
+			if flAttach.Len() != 0 {
+				return ErrConflictAttachDetach
+			}
+		}
+		if *flAutoRemove {
+			return ErrConflictDetachAutoRemove
+		}
+
+		config.AttachStdin = false
+		config.AttachStdout = false
+		config.AttachStderr = false
+		config.StdinOnce = false
+	}
+
+	// Disable flSigProxy when in TTY mode
+	sigProxy := *flSigProxy
+	if config.Tty {
+		sigProxy = false
+	}
+
+	// Telling the Windows daemon the initial size of the tty during start makes
+	// a far better user experience rather than relying on subsequent resizes
+	// to cause things to catch up.
+	if runtime.GOOS == "windows" {
+		hostConfig.ConsoleSize[0], hostConfig.ConsoleSize[1] = cli.getTtySize()
+	}
+
+	createResponse, err := cli.createContainer(config, hostConfig, networkingConfig, hostConfig.ContainerIDFile, *flName)
+	if err != nil {
+		cmd.ReportError(err.Error(), true)
+		return runStartContainerErr(err)
+	}
+	if sigProxy {
+		sigc := cli.forwardAllSignals(createResponse.ID)
+		defer signal.StopCatch(sigc)
+	}
+	var (
+		waitDisplayID chan struct{}
+		errCh         chan error
+	)
+	if !config.AttachStdout && !config.AttachStderr {
+		// Make this asynchronous to allow the client to write to stdin before having to read the ID
+		waitDisplayID = make(chan struct{})
+		go func() {
+			defer close(waitDisplayID)
+			fmt.Fprintf(cli.out, "%s\n", createResponse.ID)
+		}()
+	}
+	if *flAutoRemove && (hostConfig.RestartPolicy.IsAlways() || hostConfig.RestartPolicy.IsOnFailure()) {
+		return ErrConflictRestartPolicyAndAutoRemove
+	}
+
+	if config.AttachStdin || config.AttachStdout || config.AttachStderr {
+		var (
+			out, stderr io.Writer
+			in          io.ReadCloser
+		)
+		if config.AttachStdin {
+			in = cli.in
+		}
+		if config.AttachStdout {
+			out = cli.out
+		}
+		if config.AttachStderr {
+			if config.Tty {
+				stderr = cli.out
+			} else {
+				stderr = cli.err
+			}
+		}
+
+		if *flDetachKeys != "" {
+			cli.configFile.DetachKeys = *flDetachKeys
+		}
+
+		options := types.ContainerAttachOptions{
+			ContainerID: createResponse.ID,
+			Stream:      true,
+			Stdin:       config.AttachStdin,
+			Stdout:      config.AttachStdout,
+			Stderr:      config.AttachStderr,
+			DetachKeys:  cli.configFile.DetachKeys,
+		}
+
+		resp, err := cli.client.ContainerAttach(context.Background(), options)
+		if err != nil {
+			return err
+		}
+		if in != nil && config.Tty {
+			if err := cli.setRawTerminal(); err != nil {
+				return err
+			}
+			defer cli.restoreTerminal(in)
+		}
+		errCh = promise.Go(func() error {
+			return cli.holdHijackedConnection(config.Tty, in, out, stderr, resp)
+		})
+	}
+
+	if *flAutoRemove {
+		defer func() {
+			if err := cli.removeContainer(createResponse.ID, true, false, false); err != nil {
+				fmt.Fprintf(cli.err, "%v\n", err)
+			}
+		}()
+	}
+
+	//start the container
+	if err := cli.client.ContainerStart(context.Background(), createResponse.ID); err != nil {
+		cmd.ReportError(err.Error(), false)
+		return runStartContainerErr(err)
+	}
+
+	if (config.AttachStdin || config.AttachStdout || config.AttachStderr) && config.Tty && cli.isTerminalOut {
+		if err := cli.monitorTtySize(createResponse.ID, false); err != nil {
+			fmt.Fprintf(cli.err, "Error monitoring TTY size: %s\n", err)
+		}
+	}
+
+	if errCh != nil {
+		if err := <-errCh; err != nil {
+			logrus.Debugf("Error hijack: %s", err)
+			return err
+		}
+	}
+
+	// Detached mode: wait for the id to be displayed and return.
+	if !config.AttachStdout && !config.AttachStderr {
+		// Detached mode
+		<-waitDisplayID
+		return nil
+	}
+
+	var status int
+
+	// Attached mode
+	if *flAutoRemove {
+		// Autoremove: wait for the container to finish, retrieve
+		// the exit code and remove the container
+		if status, err = cli.client.ContainerWait(context.Background(), createResponse.ID); err != nil {
+			return runStartContainerErr(err)
+		}
+		if _, status, err = getExitCode(cli, createResponse.ID); err != nil {
+			return err
+		}
+	} else {
+		// No Autoremove: Simply retrieve the exit code
+		if !config.Tty {
+			// In non-TTY mode, we can't detach, so we must wait for container exit
+			if status, err = cli.client.ContainerWait(context.Background(), createResponse.ID); err != nil {
+				return err
+			}
+		} else {
+			// In TTY mode, there is a race: if the process dies too slowly, the state could
+			// be updated after the getExitCode call and result in the wrong exit code being reported
+			if _, status, err = getExitCode(cli, createResponse.ID); err != nil {
+				return err
+			}
+		}
+	}
+	if status != 0 {
+		return Cli.StatusError{StatusCode: status}
+	}
+	return nil
+}
--- a/api/client/save.go
+++ b/api/client/save.go
@@ -0,0 +1,42 @@
+package client
+
+import (
+	"errors"
+	"io"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdSave saves one or more images to a tar archive.
+//
+// The tar archive is written to STDOUT by default, or written to a file.
+//
+// Usage: docker save [OPTIONS] IMAGE [IMAGE...]
+func (cli *DockerCli) CmdSave(args ...string) error {
+	cmd := Cli.Subcmd("save", []string{"IMAGE [IMAGE...]"}, Cli.DockerCommands["save"].Description+" (streamed to STDOUT by default)", true)
+	outfile := cmd.String([]string{"o", "-output"}, "", "Write to a file, instead of STDOUT")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	if *outfile == "" && cli.isTerminalOut {
+		return errors.New("Cowardly refusing to save to a terminal. Use the -o flag or redirect.")
+	}
+
+	responseBody, err := cli.client.ImageSave(context.Background(), cmd.Args())
+	if err != nil {
+		return err
+	}
+	defer responseBody.Close()
+
+	if *outfile == "" {
+		_, err := io.Copy(cli.out, responseBody)
+		return err
+	}
+
+	return copyToFile(*outfile, responseBody)
+
+}
--- a/api/client/search.go
+++ b/api/client/search.go
@@ -0,0 +1,93 @@
+package client
+
+import (
+	"fmt"
+	"net/url"
+	"sort"
+	"strings"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/stringutils"
+	"github.com/docker/docker/registry"
+	"github.com/docker/engine-api/types"
+	registrytypes "github.com/docker/engine-api/types/registry"
+)
+
+// CmdSearch searches the Docker Hub for images.
+//
+// Usage: docker search [OPTIONS] TERM
+func (cli *DockerCli) CmdSearch(args ...string) error {
+	cmd := Cli.Subcmd("search", []string{"TERM"}, Cli.DockerCommands["search"].Description, true)
+	noTrunc := cmd.Bool([]string{"-no-trunc"}, false, "Don't truncate output")
+	automated := cmd.Bool([]string{"-automated"}, false, "Only show automated builds")
+	stars := cmd.Uint([]string{"s", "-stars"}, 0, "Only displays with at least x stars")
+	cmd.Require(flag.Exact, 1)
+
+	cmd.ParseFlags(args, true)
+
+	name := cmd.Arg(0)
+	v := url.Values{}
+	v.Set("term", name)
+
+	indexInfo, err := registry.ParseSearchIndexInfo(name)
+	if err != nil {
+		return err
+	}
+
+	authConfig := cli.resolveAuthConfig(indexInfo)
+	requestPrivilege := cli.registryAuthenticationPrivilegedFunc(indexInfo, "search")
+
+	encodedAuth, err := encodeAuthToBase64(authConfig)
+	if err != nil {
+		return err
+	}
+
+	options := types.ImageSearchOptions{
+		Term:         name,
+		RegistryAuth: encodedAuth,
+	}
+
+	unorderedResults, err := cli.client.ImageSearch(context.Background(), options, requestPrivilege)
+	if err != nil {
+		return err
+	}
+
+	results := searchResultsByStars(unorderedResults)
+	sort.Sort(results)
+
+	w := tabwriter.NewWriter(cli.out, 10, 1, 3, ' ', 0)
+	fmt.Fprintf(w, "NAME\tDESCRIPTION\tSTARS\tOFFICIAL\tAUTOMATED\n")
+	for _, res := range results {
+		if (*automated && !res.IsAutomated) || (int(*stars) > res.StarCount) {
+			continue
+		}
+		desc := strings.Replace(res.Description, "\n", " ", -1)
+		desc = strings.Replace(desc, "\r", " ", -1)
+		if !*noTrunc && len(desc) > 45 {
+			desc = stringutils.Truncate(desc, 42) + "..."
+		}
+		fmt.Fprintf(w, "%s\t%s\t%d\t", res.Name, desc, res.StarCount)
+		if res.IsOfficial {
+			fmt.Fprint(w, "[OK]")
+
+		}
+		fmt.Fprint(w, "\t")
+		if res.IsAutomated || res.IsTrusted {
+			fmt.Fprint(w, "[OK]")
+		}
+		fmt.Fprint(w, "\n")
+	}
+	w.Flush()
+	return nil
+}
+
+// SearchResultsByStars sorts search results in descending order by number of stars.
+type searchResultsByStars []registrytypes.SearchResult
+
+func (r searchResultsByStars) Len() int           { return len(r) }
+func (r searchResultsByStars) Swap(i, j int)      { r[i], r[j] = r[j], r[i] }
+func (r searchResultsByStars) Less(i, j int) bool { return r[j].StarCount < r[i].StarCount }
--- a/api/client/start.go
+++ b/api/client/start.go
@@ -0,0 +1,157 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/pkg/promise"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/engine-api/types"
+)
+
+func (cli *DockerCli) forwardAllSignals(cid string) chan os.Signal {
+	sigc := make(chan os.Signal, 128)
+	signal.CatchAll(sigc)
+	go func() {
+		for s := range sigc {
+			if s == signal.SIGCHLD || s == signal.SIGPIPE {
+				continue
+			}
+			var sig string
+			for sigStr, sigN := range signal.SignalMap {
+				if sigN == s {
+					sig = sigStr
+					break
+				}
+			}
+			if sig == "" {
+				fmt.Fprintf(cli.err, "Unsupported signal: %v. Discarding.\n", s)
+				continue
+			}
+
+			if err := cli.client.ContainerKill(context.Background(), cid, sig); err != nil {
+				logrus.Debugf("Error sending signal: %s", err)
+			}
+		}
+	}()
+	return sigc
+}
+
+// CmdStart starts one or more containers.
+//
+// Usage: docker start [OPTIONS] CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdStart(args ...string) error {
+	cmd := Cli.Subcmd("start", []string{"CONTAINER [CONTAINER...]"}, Cli.DockerCommands["start"].Description, true)
+	attach := cmd.Bool([]string{"a", "-attach"}, false, "Attach STDOUT/STDERR and forward signals")
+	openStdin := cmd.Bool([]string{"i", "-interactive"}, false, "Attach container's STDIN")
+	detachKeys := cmd.String([]string{"-detach-keys"}, "", "Override the key sequence for detaching a container")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	if *attach || *openStdin {
+		// We're going to attach to a container.
+		// 1. Ensure we only have one container.
+		if cmd.NArg() > 1 {
+			return fmt.Errorf("You cannot start and attach multiple containers at once.")
+		}
+
+		// 2. Attach to the container.
+		containerID := cmd.Arg(0)
+		c, err := cli.client.ContainerInspect(context.Background(), containerID)
+		if err != nil {
+			return err
+		}
+
+		if !c.Config.Tty {
+			sigc := cli.forwardAllSignals(containerID)
+			defer signal.StopCatch(sigc)
+		}
+
+		if *detachKeys != "" {
+			cli.configFile.DetachKeys = *detachKeys
+		}
+
+		options := types.ContainerAttachOptions{
+			ContainerID: containerID,
+			Stream:      true,
+			Stdin:       *openStdin && c.Config.OpenStdin,
+			Stdout:      true,
+			Stderr:      true,
+			DetachKeys:  cli.configFile.DetachKeys,
+		}
+
+		var in io.ReadCloser
+		if options.Stdin {
+			in = cli.in
+		}
+
+		resp, err := cli.client.ContainerAttach(context.Background(), options)
+		if err != nil {
+			return err
+		}
+		defer resp.Close()
+		if in != nil && c.Config.Tty {
+			if err := cli.setRawTerminal(); err != nil {
+				return err
+			}
+			defer cli.restoreTerminal(in)
+		}
+
+		cErr := promise.Go(func() error {
+			return cli.holdHijackedConnection(c.Config.Tty, in, cli.out, cli.err, resp)
+		})
+
+		// 3. Start the container.
+		if err := cli.client.ContainerStart(context.Background(), containerID); err != nil {
+			return err
+		}
+
+		// 4. Wait for attachment to break.
+		if c.Config.Tty && cli.isTerminalOut {
+			if err := cli.monitorTtySize(containerID, false); err != nil {
+				fmt.Fprintf(cli.err, "Error monitoring TTY size: %s\n", err)
+			}
+		}
+		if attchErr := <-cErr; attchErr != nil {
+			return attchErr
+		}
+		_, status, err := getExitCode(cli, containerID)
+		if err != nil {
+			return err
+		}
+		if status != 0 {
+			return Cli.StatusError{StatusCode: status}
+		}
+	} else {
+		// We're not going to attach to anything.
+		// Start as many containers as we want.
+		return cli.startContainersWithoutAttachments(cmd.Args())
+	}
+
+	return nil
+}
+
+func (cli *DockerCli) startContainersWithoutAttachments(containerIDs []string) error {
+	var failedContainers []string
+	for _, containerID := range containerIDs {
+		if err := cli.client.ContainerStart(context.Background(), containerID); err != nil {
+			fmt.Fprintf(cli.err, "%s\n", err)
+			failedContainers = append(failedContainers, containerID)
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", containerID)
+		}
+	}
+
+	if len(failedContainers) > 0 {
+		return fmt.Errorf("Error: failed to start containers: %v", strings.Join(failedContainers, ", "))
+	}
+	return nil
+}
--- a/api/client/stats.go
+++ b/api/client/stats.go
@@ -0,0 +1,208 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"strings"
+	"sync"
+	"text/tabwriter"
+	"time"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/events"
+	"github.com/docker/engine-api/types/filters"
+)
+
+// CmdStats displays a live stream of resource usage statistics for one or more containers.
+//
+// This shows real-time information on CPU usage, memory usage, and network I/O.
+//
+// Usage: docker stats [OPTIONS] [CONTAINER...]
+func (cli *DockerCli) CmdStats(args ...string) error {
+	cmd := Cli.Subcmd("stats", []string{"[CONTAINER...]"}, Cli.DockerCommands["stats"].Description, true)
+	all := cmd.Bool([]string{"a", "-all"}, false, "Show all containers (default shows just running)")
+	noStream := cmd.Bool([]string{"-no-stream"}, false, "Disable streaming stats and only pull the first result")
+
+	cmd.ParseFlags(args, true)
+
+	names := cmd.Args()
+	showAll := len(names) == 0
+	closeChan := make(chan error)
+
+	// monitorContainerEvents watches for container creation and removal (only
+	// used when calling `docker stats` without arguments).
+	monitorContainerEvents := func(started chan<- struct{}, c chan events.Message) {
+		f := filters.NewArgs()
+		f.Add("type", "container")
+		options := types.EventsOptions{
+			Filters: f,
+		}
+		resBody, err := cli.client.Events(context.Background(), options)
+		// Whether we successfully subscribed to events or not, we can now
+		// unblock the main goroutine.
+		close(started)
+		if err != nil {
+			closeChan <- err
+			return
+		}
+		defer resBody.Close()
+
+		decodeEvents(resBody, func(event events.Message, err error) error {
+			if err != nil {
+				closeChan <- err
+				return nil
+			}
+			c <- event
+			return nil
+		})
+	}
+
+	// waitFirst is a WaitGroup to wait first stat data's reach for each container
+	waitFirst := &sync.WaitGroup{}
+
+	cStats := stats{}
+	// getContainerList simulates creation event for all previously existing
+	// containers (only used when calling `docker stats` without arguments).
+	getContainerList := func() {
+		options := types.ContainerListOptions{
+			All: *all,
+		}
+		cs, err := cli.client.ContainerList(context.Background(), options)
+		if err != nil {
+			closeChan <- err
+		}
+		for _, container := range cs {
+			s := &containerStats{Name: container.ID[:12]}
+			if cStats.add(s) {
+				waitFirst.Add(1)
+				go s.Collect(cli.client, !*noStream, waitFirst)
+			}
+		}
+	}
+
+	if showAll {
+		// If no names were specified, start a long running goroutine which
+		// monitors container events. We make sure we're subscribed before
+		// retrieving the list of running containers to avoid a race where we
+		// would "miss" a creation.
+		started := make(chan struct{})
+		eh := eventHandler{handlers: make(map[string]func(events.Message))}
+		eh.Handle("create", func(e events.Message) {
+			if *all {
+				s := &containerStats{Name: e.ID[:12]}
+				if cStats.add(s) {
+					waitFirst.Add(1)
+					go s.Collect(cli.client, !*noStream, waitFirst)
+				}
+			}
+		})
+
+		eh.Handle("start", func(e events.Message) {
+			s := &containerStats{Name: e.ID[:12]}
+			if cStats.add(s) {
+				waitFirst.Add(1)
+				go s.Collect(cli.client, !*noStream, waitFirst)
+			}
+		})
+
+		eh.Handle("die", func(e events.Message) {
+			if !*all {
+				cStats.remove(e.ID[:12])
+			}
+		})
+
+		eventChan := make(chan events.Message)
+		go eh.Watch(eventChan)
+		go monitorContainerEvents(started, eventChan)
+		defer close(eventChan)
+		<-started
+
+		// Start a short-lived goroutine to retrieve the initial list of
+		// containers.
+		getContainerList()
+	} else {
+		// Artificially send creation events for the containers we were asked to
+		// monitor (same code path than we use when monitoring all containers).
+		for _, name := range names {
+			s := &containerStats{Name: name}
+			if cStats.add(s) {
+				waitFirst.Add(1)
+				go s.Collect(cli.client, !*noStream, waitFirst)
+			}
+		}
+
+		// We don't expect any asynchronous errors: closeChan can be closed.
+		close(closeChan)
+
+		// Do a quick pause to detect any error with the provided list of
+		// container names.
+		time.Sleep(1500 * time.Millisecond)
+		var errs []string
+		cStats.mu.Lock()
+		for _, c := range cStats.cs {
+			c.mu.Lock()
+			if c.err != nil {
+				errs = append(errs, fmt.Sprintf("%s: %v", c.Name, c.err))
+			}
+			c.mu.Unlock()
+		}
+		cStats.mu.Unlock()
+		if len(errs) > 0 {
+			return fmt.Errorf("%s", strings.Join(errs, ", "))
+		}
+	}
+
+	// before print to screen, make sure each container get at least one valid stat data
+	waitFirst.Wait()
+
+	w := tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
+	printHeader := func() {
+		if !*noStream {
+			fmt.Fprint(cli.out, "\033[2J")
+			fmt.Fprint(cli.out, "\033[H")
+		}
+		io.WriteString(w, "CONTAINER\tCPU %\tMEM USAGE / LIMIT\tMEM %\tNET I/O\tBLOCK I/O\tPIDS\n")
+	}
+
+	for range time.Tick(500 * time.Millisecond) {
+		printHeader()
+		toRemove := []int{}
+		cStats.mu.Lock()
+		for i, s := range cStats.cs {
+			if err := s.Display(w); err != nil && !*noStream {
+				toRemove = append(toRemove, i)
+			}
+		}
+		for j := len(toRemove) - 1; j >= 0; j-- {
+			i := toRemove[j]
+			cStats.cs = append(cStats.cs[:i], cStats.cs[i+1:]...)
+		}
+		if len(cStats.cs) == 0 && !showAll {
+			return nil
+		}
+		cStats.mu.Unlock()
+		w.Flush()
+		if *noStream {
+			break
+		}
+		select {
+		case err, ok := <-closeChan:
+			if ok {
+				if err != nil {
+					// this is suppressing "unexpected EOF" in the cli when the
+					// daemon restarts so it shutdowns cleanly
+					if err == io.ErrUnexpectedEOF {
+						return nil
+					}
+					return err
+				}
+			}
+		default:
+			// just skip
+		}
+	}
+	return nil
+}
--- a/api/client/stats_helpers.go
+++ b/api/client/stats_helpers.go
@@ -0,0 +1,219 @@
+package client
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/docker/engine-api/client"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/go-units"
+	"golang.org/x/net/context"
+)
+
+type containerStats struct {
+	Name             string
+	CPUPercentage    float64
+	Memory           float64
+	MemoryLimit      float64
+	MemoryPercentage float64
+	NetworkRx        float64
+	NetworkTx        float64
+	BlockRead        float64
+	BlockWrite       float64
+	PidsCurrent      uint64
+	mu               sync.RWMutex
+	err              error
+}
+
+type stats struct {
+	mu sync.Mutex
+	cs []*containerStats
+}
+
+func (s *stats) add(cs *containerStats) bool {
+	s.mu.Lock()
+	defer s.mu.Unlock()
+	if _, exists := s.isKnownContainer(cs.Name); !exists {
+		s.cs = append(s.cs, cs)
+		return true
+	}
+	return false
+}
+
+func (s *stats) remove(id string) {
+	s.mu.Lock()
+	if i, exists := s.isKnownContainer(id); exists {
+		s.cs = append(s.cs[:i], s.cs[i+1:]...)
+	}
+	s.mu.Unlock()
+}
+
+func (s *stats) isKnownContainer(cid string) (int, bool) {
+	for i, c := range s.cs {
+		if c.Name == cid {
+			return i, true
+		}
+	}
+	return -1, false
+}
+
+func (s *containerStats) Collect(cli client.APIClient, streamStats bool, waitFirst *sync.WaitGroup) {
+	var (
+		getFirst       bool
+		previousCPU    uint64
+		previousSystem uint64
+		u              = make(chan error, 1)
+	)
+
+	defer func() {
+		// if error happens and we get nothing of stats, release wait group whatever
+		if !getFirst {
+			getFirst = true
+			waitFirst.Done()
+		}
+	}()
+
+	responseBody, err := cli.ContainerStats(context.Background(), s.Name, streamStats)
+	if err != nil {
+		s.mu.Lock()
+		s.err = err
+		s.mu.Unlock()
+		return
+	}
+	defer responseBody.Close()
+
+	dec := json.NewDecoder(responseBody)
+	go func() {
+		for {
+			var v *types.StatsJSON
+			if err := dec.Decode(&v); err != nil {
+				u <- err
+				return
+			}
+
+			var memPercent = 0.0
+			var cpuPercent = 0.0
+
+			// MemoryStats.Limit will never be 0 unless the container is not running and we haven't
+			// got any data from cgroup
+			if v.MemoryStats.Limit != 0 {
+				memPercent = float64(v.MemoryStats.Usage) / float64(v.MemoryStats.Limit) * 100.0
+			}
+
+			previousCPU = v.PreCPUStats.CPUUsage.TotalUsage
+			previousSystem = v.PreCPUStats.SystemUsage
+			cpuPercent = calculateCPUPercent(previousCPU, previousSystem, v)
+			blkRead, blkWrite := calculateBlockIO(v.BlkioStats)
+			s.mu.Lock()
+			s.CPUPercentage = cpuPercent
+			s.Memory = float64(v.MemoryStats.Usage)
+			s.MemoryLimit = float64(v.MemoryStats.Limit)
+			s.MemoryPercentage = memPercent
+			s.NetworkRx, s.NetworkTx = calculateNetwork(v.Networks)
+			s.BlockRead = float64(blkRead)
+			s.BlockWrite = float64(blkWrite)
+			s.PidsCurrent = v.PidsStats.Current
+			s.mu.Unlock()
+			u <- nil
+			if !streamStats {
+				return
+			}
+		}
+	}()
+	for {
+		select {
+		case <-time.After(2 * time.Second):
+			// zero out the values if we have not received an update within
+			// the specified duration.
+			s.mu.Lock()
+			s.CPUPercentage = 0
+			s.Memory = 0
+			s.MemoryPercentage = 0
+			s.MemoryLimit = 0
+			s.NetworkRx = 0
+			s.NetworkTx = 0
+			s.BlockRead = 0
+			s.BlockWrite = 0
+			s.PidsCurrent = 0
+			s.mu.Unlock()
+			// if this is the first stat you get, release WaitGroup
+			if !getFirst {
+				getFirst = true
+				waitFirst.Done()
+			}
+		case err := <-u:
+			if err != nil {
+				s.mu.Lock()
+				s.err = err
+				s.mu.Unlock()
+				return
+			}
+			// if this is the first stat you get, release WaitGroup
+			if !getFirst {
+				getFirst = true
+				waitFirst.Done()
+			}
+		}
+		if !streamStats {
+			return
+		}
+	}
+}
+
+func (s *containerStats) Display(w io.Writer) error {
+	s.mu.RLock()
+	defer s.mu.RUnlock()
+	if s.err != nil {
+		return s.err
+	}
+	fmt.Fprintf(w, "%s\t%.2f%%\t%s / %s\t%.2f%%\t%s / %s\t%s / %s\t%d\n",
+		s.Name,
+		s.CPUPercentage,
+		units.HumanSize(s.Memory), units.HumanSize(s.MemoryLimit),
+		s.MemoryPercentage,
+		units.HumanSize(s.NetworkRx), units.HumanSize(s.NetworkTx),
+		units.HumanSize(s.BlockRead), units.HumanSize(s.BlockWrite),
+		s.PidsCurrent)
+	return nil
+}
+
+func calculateCPUPercent(previousCPU, previousSystem uint64, v *types.StatsJSON) float64 {
+	var (
+		cpuPercent = 0.0
+		// calculate the change for the cpu usage of the container in between readings
+		cpuDelta = float64(v.CPUStats.CPUUsage.TotalUsage) - float64(previousCPU)
+		// calculate the change for the entire system between readings
+		systemDelta = float64(v.CPUStats.SystemUsage) - float64(previousSystem)
+	)
+
+	if systemDelta > 0.0 && cpuDelta > 0.0 {
+		cpuPercent = (cpuDelta / systemDelta) * float64(len(v.CPUStats.CPUUsage.PercpuUsage)) * 100.0
+	}
+	return cpuPercent
+}
+
+func calculateBlockIO(blkio types.BlkioStats) (blkRead uint64, blkWrite uint64) {
+	for _, bioEntry := range blkio.IoServiceBytesRecursive {
+		switch strings.ToLower(bioEntry.Op) {
+		case "read":
+			blkRead = blkRead + bioEntry.Value
+		case "write":
+			blkWrite = blkWrite + bioEntry.Value
+		}
+	}
+	return
+}
+
+func calculateNetwork(network map[string]types.NetworkStats) (float64, float64) {
+	var rx, tx float64
+
+	for _, v := range network {
+		rx += float64(v.RxBytes)
+		tx += float64(v.TxBytes)
+	}
+	return rx, tx
+}
--- a/api/client/stats_unit_test.go
+++ b/api/client/stats_unit_test.go
@@ -0,0 +1,47 @@
+package client
+
+import (
+	"bytes"
+	"sync"
+	"testing"
+
+	"github.com/docker/engine-api/types"
+)
+
+func TestDisplay(t *testing.T) {
+	c := &containerStats{
+		Name:             "app",
+		CPUPercentage:    30.0,
+		Memory:           100 * 1024 * 1024.0,
+		MemoryLimit:      2048 * 1024 * 1024.0,
+		MemoryPercentage: 100.0 / 2048.0 * 100.0,
+		NetworkRx:        100 * 1024 * 1024,
+		NetworkTx:        800 * 1024 * 1024,
+		BlockRead:        100 * 1024 * 1024,
+		BlockWrite:       800 * 1024 * 1024,
+		PidsCurrent:      1,
+		mu:               sync.RWMutex{},
+	}
+	var b bytes.Buffer
+	if err := c.Display(&b); err != nil {
+		t.Fatalf("c.Display() gave error: %s", err)
+	}
+	got := b.String()
+	want := "app\t30.00%\t104.9 MB / 2.147 GB\t4.88%\t104.9 MB / 838.9 MB\t104.9 MB / 838.9 MB\t1\n"
+	if got != want {
+		t.Fatalf("c.Display() = %q, want %q", got, want)
+	}
+}
+
+func TestCalculBlockIO(t *testing.T) {
+	blkio := types.BlkioStats{
+		IoServiceBytesRecursive: []types.BlkioStatEntry{{8, 0, "read", 1234}, {8, 1, "read", 4567}, {8, 0, "write", 123}, {8, 1, "write", 456}},
+	}
+	blkRead, blkWrite := calculateBlockIO(blkio)
+	if blkRead != 5801 {
+		t.Fatalf("blkRead = %d, want 5801", blkRead)
+	}
+	if blkWrite != 579 {
+		t.Fatalf("blkWrite = %d, want 579", blkWrite)
+	}
+}
--- a/api/client/stop.go
+++ b/api/client/stop.go
@@ -0,0 +1,37 @@
+package client
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdStop stops one or more containers.
+//
+// A running container is stopped by first sending SIGTERM and then SIGKILL if the container fails to stop within a grace period (the default is 10 seconds).
+//
+// Usage: docker stop [OPTIONS] CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdStop(args ...string) error {
+	cmd := Cli.Subcmd("stop", []string{"CONTAINER [CONTAINER...]"}, Cli.DockerCommands["stop"].Description+".\nSending SIGTERM and then SIGKILL after a grace period", true)
+	nSeconds := cmd.Int([]string{"t", "-time"}, 10, "Seconds to wait for stop before killing it")
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var errs []string
+	for _, name := range cmd.Args() {
+		if err := cli.client.ContainerStop(context.Background(), name, *nSeconds); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/tag.go
+++ b/api/client/tag.go
@@ -0,0 +1,46 @@
+package client
+
+import (
+	"errors"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/reference"
+	"github.com/docker/engine-api/types"
+)
+
+// CmdTag tags an image into a repository.
+//
+// Usage: docker tag [OPTIONS] IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]
+func (cli *DockerCli) CmdTag(args ...string) error {
+	cmd := Cli.Subcmd("tag", []string{"IMAGE[:TAG] [REGISTRYHOST/][USERNAME/]NAME[:TAG]"}, Cli.DockerCommands["tag"].Description, true)
+	force := cmd.Bool([]string{"#f", "#-force"}, false, "Force the tagging even if there's a conflict")
+	cmd.Require(flag.Exact, 2)
+
+	cmd.ParseFlags(args, true)
+
+	ref, err := reference.ParseNamed(cmd.Arg(1))
+	if err != nil {
+		return err
+	}
+
+	if _, isCanonical := ref.(reference.Canonical); isCanonical {
+		return errors.New("refusing to create a tag with a digest reference")
+	}
+
+	var tag string
+	if tagged, isTagged := ref.(reference.NamedTagged); isTagged {
+		tag = tagged.Tag()
+	}
+
+	options := types.ImageTagOptions{
+		ImageID:        cmd.Arg(0),
+		RepositoryName: ref.Name(),
+		Tag:            tag,
+		Force:          *force,
+	}
+
+	return cli.client.ImageTag(context.Background(), options)
+}
--- a/api/client/top.go
+++ b/api/client/top.go
@@ -0,0 +1,41 @@
+package client
+
+import (
+	"fmt"
+	"strings"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdTop displays the running processes of a container.
+//
+// Usage: docker top CONTAINER
+func (cli *DockerCli) CmdTop(args ...string) error {
+	cmd := Cli.Subcmd("top", []string{"CONTAINER [ps OPTIONS]"}, Cli.DockerCommands["top"].Description, true)
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var arguments []string
+	if cmd.NArg() > 1 {
+		arguments = cmd.Args()[1:]
+	}
+
+	procList, err := cli.client.ContainerTop(context.Background(), cmd.Arg(0), arguments)
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
+	fmt.Fprintln(w, strings.Join(procList.Titles, "\t"))
+
+	for _, proc := range procList.Processes {
+		fmt.Fprintln(w, strings.Join(proc, "\t"))
+	}
+	w.Flush()
+	return nil
+}
--- a/api/client/trust.go
+++ b/api/client/trust.go
@@ -0,0 +1,559 @@
+package client
+
+import (
+	"encoding/hex"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"path"
+	"path/filepath"
+	"sort"
+	"strconv"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/distribution/digest"
+	"github.com/docker/distribution/registry/client/auth"
+	"github.com/docker/distribution/registry/client/transport"
+	"github.com/docker/docker/cliconfig"
+	"github.com/docker/docker/distribution"
+	"github.com/docker/docker/pkg/jsonmessage"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/reference"
+	"github.com/docker/docker/registry"
+	apiclient "github.com/docker/engine-api/client"
+	"github.com/docker/engine-api/types"
+	registrytypes "github.com/docker/engine-api/types/registry"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/docker/notary/client"
+	"github.com/docker/notary/passphrase"
+	"github.com/docker/notary/trustmanager"
+	"github.com/docker/notary/tuf/data"
+	"github.com/docker/notary/tuf/signed"
+	"github.com/docker/notary/tuf/store"
+)
+
+var (
+	releasesRole = path.Join(data.CanonicalTargetsRole, "releases")
+	untrusted    bool
+)
+
+func addTrustedFlags(fs *flag.FlagSet, verify bool) {
+	var trusted bool
+	if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {
+		if t, err := strconv.ParseBool(e); t || err != nil {
+			// treat any other value as true
+			trusted = true
+		}
+	}
+	message := "Skip image signing"
+	if verify {
+		message = "Skip image verification"
+	}
+	fs.BoolVar(&untrusted, []string{"-disable-content-trust"}, !trusted, message)
+}
+
+func isTrusted() bool {
+	return !untrusted
+}
+
+type target struct {
+	reference registry.Reference
+	digest    digest.Digest
+	size      int64
+}
+
+func (cli *DockerCli) trustDirectory() string {
+	return filepath.Join(cliconfig.ConfigDir(), "trust")
+}
+
+// certificateDirectory returns the directory containing
+// TLS certificates for the given server. An error is
+// returned if there was an error parsing the server string.
+func (cli *DockerCli) certificateDirectory(server string) (string, error) {
+	u, err := url.Parse(server)
+	if err != nil {
+		return "", err
+	}
+
+	return filepath.Join(cliconfig.ConfigDir(), "tls", u.Host), nil
+}
+
+func trustServer(index *registrytypes.IndexInfo) (string, error) {
+	if s := os.Getenv("DOCKER_CONTENT_TRUST_SERVER"); s != "" {
+		urlObj, err := url.Parse(s)
+		if err != nil || urlObj.Scheme != "https" {
+			return "", fmt.Errorf("valid https URL required for trust server, got %s", s)
+		}
+
+		return s, nil
+	}
+	if index.Official {
+		return registry.NotaryServer, nil
+	}
+	return "https://" + index.Name, nil
+}
+
+type simpleCredentialStore struct {
+	auth types.AuthConfig
+}
+
+func (scs simpleCredentialStore) Basic(u *url.URL) (string, string) {
+	return scs.auth.Username, scs.auth.Password
+}
+
+func (scs simpleCredentialStore) RefreshToken(u *url.URL, service string) string {
+	return scs.auth.IdentityToken
+}
+
+func (scs simpleCredentialStore) SetRefreshToken(*url.URL, string, string) {
+}
+
+// getNotaryRepository returns a NotaryRepository which stores all the
+// information needed to operate on a notary repository.
+// It creates a HTTP transport providing authentication support.
+func (cli *DockerCli) getNotaryRepository(repoInfo *registry.RepositoryInfo, authConfig types.AuthConfig, actions ...string) (*client.NotaryRepository, error) {
+	server, err := trustServer(repoInfo.Index)
+	if err != nil {
+		return nil, err
+	}
+
+	var cfg = tlsconfig.ClientDefault
+	cfg.InsecureSkipVerify = !repoInfo.Index.Secure
+
+	// Get certificate base directory
+	certDir, err := cli.certificateDirectory(server)
+	if err != nil {
+		return nil, err
+	}
+	logrus.Debugf("reading certificate directory: %s", certDir)
+
+	if err := registry.ReadCertsDirectory(&cfg, certDir); err != nil {
+		return nil, err
+	}
+
+	base := &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		Dial: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+			DualStack: true,
+		}).Dial,
+		TLSHandshakeTimeout: 10 * time.Second,
+		TLSClientConfig:     &cfg,
+		DisableKeepAlives:   true,
+	}
+
+	// Skip configuration headers since request is not going to Docker daemon
+	modifiers := registry.DockerHeaders(clientUserAgent(), http.Header{})
+	authTransport := transport.NewTransport(base, modifiers...)
+	pingClient := &http.Client{
+		Transport: authTransport,
+		Timeout:   5 * time.Second,
+	}
+	endpointStr := server + "/v2/"
+	req, err := http.NewRequest("GET", endpointStr, nil)
+	if err != nil {
+		return nil, err
+	}
+
+	challengeManager := auth.NewSimpleChallengeManager()
+
+	resp, err := pingClient.Do(req)
+	if err != nil {
+		// Ignore error on ping to operate in offline mode
+		logrus.Debugf("Error pinging notary server %q: %s", endpointStr, err)
+	} else {
+		defer resp.Body.Close()
+
+		// Add response to the challenge manager to parse out
+		// authentication header and register authentication method
+		if err := challengeManager.AddResponse(resp); err != nil {
+			return nil, err
+		}
+	}
+
+	creds := simpleCredentialStore{auth: authConfig}
+	tokenHandler := auth.NewTokenHandler(authTransport, creds, repoInfo.FullName(), actions...)
+	basicHandler := auth.NewBasicHandler(creds)
+	modifiers = append(modifiers, transport.RequestModifier(auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler)))
+	tr := transport.NewTransport(base, modifiers...)
+
+	return client.NewNotaryRepository(cli.trustDirectory(), repoInfo.FullName(), server, tr, cli.getPassphraseRetriever())
+}
+
+func convertTarget(t client.Target) (target, error) {
+	h, ok := t.Hashes["sha256"]
+	if !ok {
+		return target{}, errors.New("no valid hash, expecting sha256")
+	}
+	return target{
+		reference: registry.ParseReference(t.Name),
+		digest:    digest.NewDigestFromHex("sha256", hex.EncodeToString(h)),
+		size:      t.Length,
+	}, nil
+}
+
+func (cli *DockerCli) getPassphraseRetriever() passphrase.Retriever {
+	aliasMap := map[string]string{
+		"root":     "root",
+		"snapshot": "repository",
+		"targets":  "repository",
+		"default":  "repository",
+	}
+	baseRetriever := passphrase.PromptRetrieverWithInOut(cli.in, cli.out, aliasMap)
+	env := map[string]string{
+		"root":     os.Getenv("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE"),
+		"snapshot": os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"),
+		"targets":  os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"),
+		"default":  os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"),
+	}
+
+	// Backwards compatibility with old env names. We should remove this in 1.10
+	if env["root"] == "" {
+		if passphrase := os.Getenv("DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE"); passphrase != "" {
+			env["root"] = passphrase
+			fmt.Fprintf(cli.err, "[DEPRECATED] The environment variable DOCKER_CONTENT_TRUST_OFFLINE_PASSPHRASE has been deprecated and will be removed in v1.10. Please use DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE\n")
+		}
+	}
+	if env["snapshot"] == "" || env["targets"] == "" || env["default"] == "" {
+		if passphrase := os.Getenv("DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE"); passphrase != "" {
+			env["snapshot"] = passphrase
+			env["targets"] = passphrase
+			env["default"] = passphrase
+			fmt.Fprintf(cli.err, "[DEPRECATED] The environment variable DOCKER_CONTENT_TRUST_TAGGING_PASSPHRASE has been deprecated and will be removed in v1.10. Please use DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE\n")
+		}
+	}
+
+	return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) {
+		if v := env[alias]; v != "" {
+			return v, numAttempts > 1, nil
+		}
+		// For non-root roles, we can also try the "default" alias if it is specified
+		if v := env["default"]; v != "" && alias != data.CanonicalRootRole {
+			return v, numAttempts > 1, nil
+		}
+		return baseRetriever(keyName, alias, createNew, numAttempts)
+	}
+}
+
+func (cli *DockerCli) trustedReference(ref reference.NamedTagged) (reference.Canonical, error) {
+	repoInfo, err := registry.ParseRepositoryInfo(ref)
+	if err != nil {
+		return nil, err
+	}
+
+	// Resolve the Auth config relevant for this server
+	authConfig := cli.resolveAuthConfig(repoInfo.Index)
+
+	notaryRepo, err := cli.getNotaryRepository(repoInfo, authConfig, "pull")
+	if err != nil {
+		fmt.Fprintf(cli.out, "Error establishing connection to trust repository: %s\n", err)
+		return nil, err
+	}
+
+	t, err := notaryRepo.GetTargetByName(ref.Tag(), releasesRole, data.CanonicalTargetsRole)
+	if err != nil {
+		return nil, err
+	}
+	// Only list tags in the top level targets role or the releases delegation role - ignore
+	// all other delegation roles
+	if t.Role != releasesRole && t.Role != data.CanonicalTargetsRole {
+		return nil, notaryError(repoInfo.FullName(), fmt.Errorf("No trust data for %s", ref.Tag()))
+	}
+	r, err := convertTarget(t.Target)
+	if err != nil {
+		return nil, err
+
+	}
+
+	return reference.WithDigest(ref, r.digest)
+}
+
+func (cli *DockerCli) tagTrusted(trustedRef reference.Canonical, ref reference.NamedTagged) error {
+	fmt.Fprintf(cli.out, "Tagging %s as %s\n", trustedRef.String(), ref.String())
+
+	options := types.ImageTagOptions{
+		ImageID:        trustedRef.String(),
+		RepositoryName: trustedRef.Name(),
+		Tag:            ref.Tag(),
+		Force:          true,
+	}
+
+	return cli.client.ImageTag(context.Background(), options)
+}
+
+func notaryError(repoName string, err error) error {
+	switch err.(type) {
+	case *json.SyntaxError:
+		logrus.Debugf("Notary syntax error: %s", err)
+		return fmt.Errorf("Error: no trust data available for remote repository %s. Try running notary server and setting DOCKER_CONTENT_TRUST_SERVER to its HTTPS address?", repoName)
+	case signed.ErrExpired:
+		return fmt.Errorf("Error: remote repository %s out-of-date: %v", repoName, err)
+	case trustmanager.ErrKeyNotFound:
+		return fmt.Errorf("Error: signing keys for remote repository %s not found: %v", repoName, err)
+	case *net.OpError:
+		return fmt.Errorf("Error: error contacting notary server: %v", err)
+	case store.ErrMetaNotFound:
+		return fmt.Errorf("Error: trust data missing for remote repository %s or remote repository not found: %v", repoName, err)
+	case signed.ErrInvalidKeyType:
+		return fmt.Errorf("Warning: potential malicious behavior - trust data mismatch for remote repository %s: %v", repoName, err)
+	case signed.ErrNoKeys:
+		return fmt.Errorf("Error: could not find signing keys for remote repository %s, or could not decrypt signing key: %v", repoName, err)
+	case signed.ErrLowVersion:
+		return fmt.Errorf("Warning: potential malicious behavior - trust data version is lower than expected for remote repository %s: %v", repoName, err)
+	case signed.ErrRoleThreshold:
+		return fmt.Errorf("Warning: potential malicious behavior - trust data has insufficient signatures for remote repository %s: %v", repoName, err)
+	case client.ErrRepositoryNotExist:
+		return fmt.Errorf("Error: remote trust data does not exist for %s: %v", repoName, err)
+	case signed.ErrInsufficientSignatures:
+		return fmt.Errorf("Error: could not produce valid signature for %s.  If Yubikey was used, was touch input provided?: %v", repoName, err)
+	}
+
+	return err
+}
+
+func (cli *DockerCli) trustedPull(repoInfo *registry.RepositoryInfo, ref registry.Reference, authConfig types.AuthConfig, requestPrivilege apiclient.RequestPrivilegeFunc) error {
+	var refs []target
+
+	notaryRepo, err := cli.getNotaryRepository(repoInfo, authConfig, "pull")
+	if err != nil {
+		fmt.Fprintf(cli.out, "Error establishing connection to trust repository: %s\n", err)
+		return err
+	}
+
+	if ref.String() == "" {
+		// List all targets
+		targets, err := notaryRepo.ListTargets(releasesRole, data.CanonicalTargetsRole)
+		if err != nil {
+			return notaryError(repoInfo.FullName(), err)
+		}
+		for _, tgt := range targets {
+			t, err := convertTarget(tgt.Target)
+			if err != nil {
+				fmt.Fprintf(cli.out, "Skipping target for %q\n", repoInfo.Name())
+				continue
+			}
+			// Only list tags in the top level targets role or the releases delegation role - ignore
+			// all other delegation roles
+			if tgt.Role != releasesRole && tgt.Role != data.CanonicalTargetsRole {
+				continue
+			}
+			refs = append(refs, t)
+		}
+		if len(refs) == 0 {
+			return notaryError(repoInfo.FullName(), fmt.Errorf("No trusted tags for %s", repoInfo.FullName()))
+		}
+	} else {
+		t, err := notaryRepo.GetTargetByName(ref.String(), releasesRole, data.CanonicalTargetsRole)
+		if err != nil {
+			return notaryError(repoInfo.FullName(), err)
+		}
+		// Only get the tag if it's in the top level targets role or the releases delegation role
+		// ignore it if it's in any other delegation roles
+		if t.Role != releasesRole && t.Role != data.CanonicalTargetsRole {
+			return notaryError(repoInfo.FullName(), fmt.Errorf("No trust data for %s", ref.String()))
+		}
+
+		logrus.Debugf("retrieving target for %s role\n", t.Role)
+		r, err := convertTarget(t.Target)
+		if err != nil {
+			return err
+
+		}
+		refs = append(refs, r)
+	}
+
+	for i, r := range refs {
+		displayTag := r.reference.String()
+		if displayTag != "" {
+			displayTag = ":" + displayTag
+		}
+		fmt.Fprintf(cli.out, "Pull (%d of %d): %s%s@%s\n", i+1, len(refs), repoInfo.Name(), displayTag, r.digest)
+
+		if err := cli.imagePullPrivileged(authConfig, repoInfo.Name(), r.digest.String(), requestPrivilege); err != nil {
+			return err
+		}
+
+		// If reference is not trusted, tag by trusted reference
+		if !r.reference.HasDigest() {
+			tagged, err := reference.WithTag(repoInfo, r.reference.String())
+			if err != nil {
+				return err
+			}
+			trustedRef, err := reference.WithDigest(repoInfo, r.digest)
+			if err != nil {
+				return err
+			}
+			if err := cli.tagTrusted(trustedRef, tagged); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func (cli *DockerCli) trustedPush(repoInfo *registry.RepositoryInfo, tag string, authConfig types.AuthConfig, requestPrivilege apiclient.RequestPrivilegeFunc) error {
+	responseBody, err := cli.imagePushPrivileged(authConfig, repoInfo.Name(), tag, requestPrivilege)
+	if err != nil {
+		return err
+	}
+
+	defer responseBody.Close()
+
+	// If it is a trusted push we would like to find the target entry which match the
+	// tag provided in the function and then do an AddTarget later.
+	target := &client.Target{}
+	// Count the times of calling for handleTarget,
+	// if it is called more that once, that should be considered an error in a trusted push.
+	cnt := 0
+	handleTarget := func(aux *json.RawMessage) {
+		cnt++
+		if cnt > 1 {
+			// handleTarget should only be called one. This will be treated as an error.
+			return
+		}
+
+		var pushResult distribution.PushResult
+		err := json.Unmarshal(*aux, &pushResult)
+		if err == nil && pushResult.Tag != "" && pushResult.Digest.Validate() == nil {
+			h, err := hex.DecodeString(pushResult.Digest.Hex())
+			if err != nil {
+				target = nil
+				return
+			}
+			target.Name = registry.ParseReference(pushResult.Tag).String()
+			target.Hashes = data.Hashes{string(pushResult.Digest.Algorithm()): h}
+			target.Length = int64(pushResult.Size)
+		}
+	}
+
+	// We want trust signatures to always take an explicit tag,
+	// otherwise it will act as an untrusted push.
+	if tag == "" {
+		if err = jsonmessage.DisplayJSONMessagesStream(responseBody, cli.out, cli.outFd, cli.isTerminalOut, nil); err != nil {
+			return err
+		}
+		fmt.Fprintln(cli.out, "No tag specified, skipping trust metadata push")
+		return nil
+	}
+
+	if err = jsonmessage.DisplayJSONMessagesStream(responseBody, cli.out, cli.outFd, cli.isTerminalOut, handleTarget); err != nil {
+		return err
+	}
+
+	if cnt > 1 {
+		return fmt.Errorf("internal error: only one call to handleTarget expected")
+	}
+
+	if target == nil {
+		fmt.Fprintln(cli.out, "No targets found, please provide a specific tag in order to sign it")
+		return nil
+	}
+
+	fmt.Fprintln(cli.out, "Signing and pushing trust metadata")
+
+	repo, err := cli.getNotaryRepository(repoInfo, authConfig, "push", "pull")
+	if err != nil {
+		fmt.Fprintf(cli.out, "Error establishing connection to notary repository: %s\n", err)
+		return err
+	}
+
+	// get the latest repository metadata so we can figure out which roles to sign
+	_, err = repo.Update(false)
+
+	switch err.(type) {
+	case client.ErrRepoNotInitialized, client.ErrRepositoryNotExist:
+		keys := repo.CryptoService.ListKeys(data.CanonicalRootRole)
+		var rootKeyID string
+		// always select the first root key
+		if len(keys) > 0 {
+			sort.Strings(keys)
+			rootKeyID = keys[0]
+		} else {
+			rootPublicKey, err := repo.CryptoService.Create(data.CanonicalRootRole, "", data.ECDSAKey)
+			if err != nil {
+				return err
+			}
+			rootKeyID = rootPublicKey.ID()
+		}
+
+		// Initialize the notary repository with a remotely managed snapshot key
+		if err := repo.Initialize(rootKeyID, data.CanonicalSnapshotRole); err != nil {
+			return notaryError(repoInfo.FullName(), err)
+		}
+		fmt.Fprintf(cli.out, "Finished initializing %q\n", repoInfo.FullName())
+		err = repo.AddTarget(target, data.CanonicalTargetsRole)
+	case nil:
+		// already initialized and we have successfully downloaded the latest metadata
+		err = cli.addTargetToAllSignableRoles(repo, target)
+	default:
+		return notaryError(repoInfo.FullName(), err)
+	}
+
+	if err == nil {
+		err = repo.Publish()
+	}
+
+	if err != nil {
+		fmt.Fprintf(cli.out, "Failed to sign %q:%s - %s\n", repoInfo.FullName(), tag, err.Error())
+		return notaryError(repoInfo.FullName(), err)
+	}
+
+	fmt.Fprintf(cli.out, "Successfully signed %q:%s\n", repoInfo.FullName(), tag)
+	return nil
+}
+
+// Attempt to add the image target to all the top level delegation roles we can
+// (based on whether we have the signing key and whether the role's path allows
+// us to).
+// If there are no delegation roles, we add to the targets role.
+func (cli *DockerCli) addTargetToAllSignableRoles(repo *client.NotaryRepository, target *client.Target) error {
+	var signableRoles []string
+
+	// translate the full key names, which includes the GUN, into just the key IDs
+	allCanonicalKeyIDs := make(map[string]struct{})
+	for fullKeyID := range repo.CryptoService.ListAllKeys() {
+		allCanonicalKeyIDs[path.Base(fullKeyID)] = struct{}{}
+	}
+
+	allDelegationRoles, err := repo.GetDelegationRoles()
+	if err != nil {
+		return err
+	}
+
+	// if there are no delegation roles, then just try to sign it into the targets role
+	if len(allDelegationRoles) == 0 {
+		return repo.AddTarget(target, data.CanonicalTargetsRole)
+	}
+
+	// there are delegation roles, find every delegation role we have a key for, and
+	// attempt to sign into into all those roles.
+	for _, delegationRole := range allDelegationRoles {
+		// We do not support signing any delegation role that isn't a direct child of the targets role.
+		// Also don't bother checking the keys if we can't add the target
+		// to this role due to path restrictions
+		if path.Dir(delegationRole.Name) != data.CanonicalTargetsRole || !delegationRole.CheckPaths(target.Name) {
+			continue
+		}
+
+		for _, canonicalKeyID := range delegationRole.KeyIDs {
+			if _, ok := allCanonicalKeyIDs[canonicalKeyID]; ok {
+				signableRoles = append(signableRoles, delegationRole.Name)
+				break
+			}
+		}
+	}
+
+	if len(signableRoles) == 0 {
+		return fmt.Errorf("no valid signing keys for delegation roles")
+	}
+
+	return repo.AddTarget(target, signableRoles...)
+}
--- a/cli/command/image/trust_test.go
+++ b/cli/command/image/trust_test.go
@@ -1,12 +1,11 @@
-package image
+package client

 import (
 	"os"
 	"testing"

-	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/cli/trust"
 	"github.com/docker/docker/registry"
+	registrytypes "github.com/docker/engine-api/types/registry"
 )

 func unsetENV() {
@@ -20,7 +19,7 @@ func TestENVTrustServer(t *testing.T) {
 	if err := os.Setenv("DOCKER_CONTENT_TRUST_SERVER", "https://notary-test.com:5000"); err != nil {
 		t.Fatal("Failed to set ENV variable")
 	}
-	output, err := trust.Server(indexInfo)
+	output, err := trustServer(indexInfo)
 	expectedStr := "https://notary-test.com:5000"
 	if err != nil || output != expectedStr {
 		t.Fatalf("Expected server to be %s, got %s", expectedStr, output)
@@ -33,7 +32,7 @@ func TestHTTPENVTrustServer(t *testing.T) {
 	if err := os.Setenv("DOCKER_CONTENT_TRUST_SERVER", "http://notary-test.com:5000"); err != nil {
 		t.Fatal("Failed to set ENV variable")
 	}
-	_, err := trust.Server(indexInfo)
+	_, err := trustServer(indexInfo)
 	if err == nil {
 		t.Fatal("Expected error with invalid scheme")
 	}
@@ -41,7 +40,7 @@ func TestHTTPENVTrustServer(t *testing.T) {

 func TestOfficialTrustServer(t *testing.T) {
 	indexInfo := &registrytypes.IndexInfo{Name: "testserver", Official: true}
-	output, err := trust.Server(indexInfo)
+	output, err := trustServer(indexInfo)
 	if err != nil || output != registry.NotaryServer {
 		t.Fatalf("Expected server to be %s, got %s", registry.NotaryServer, output)
 	}
@@ -49,7 +48,7 @@ func TestOfficialTrustServer(t *testing.T) {

 func TestNonOfficialTrustServer(t *testing.T) {
 	indexInfo := &registrytypes.IndexInfo{Name: "testserver", Official: false}
-	output, err := trust.Server(indexInfo)
+	output, err := trustServer(indexInfo)
 	expectedStr := "https://" + indexInfo.Name
 	if err != nil || output != expectedStr {
 		t.Fatalf("Expected server to be %s, got %s", expectedStr, output)
--- a/api/client/unpause.go
+++ b/api/client/unpause.go
@@ -0,0 +1,34 @@
+package client
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdUnpause unpauses all processes within a container, for one or more containers.
+//
+// Usage: docker unpause CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdUnpause(args ...string) error {
+	cmd := Cli.Subcmd("unpause", []string{"CONTAINER [CONTAINER...]"}, Cli.DockerCommands["unpause"].Description, true)
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var errs []string
+	for _, name := range cmd.Args() {
+		if err := cli.client.ContainerUnpause(context.Background(), name); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/client/update.go
+++ b/api/client/update.go
@@ -0,0 +1,117 @@
+package client
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/runconfig/opts"
+	"github.com/docker/engine-api/types/container"
+	"github.com/docker/go-units"
+)
+
+// CmdUpdate updates resources of one or more containers.
+//
+// Usage: docker update [OPTIONS] CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdUpdate(args ...string) error {
+	cmd := Cli.Subcmd("update", []string{"CONTAINER [CONTAINER...]"}, Cli.DockerCommands["update"].Description, true)
+	flBlkioWeight := cmd.Uint16([]string{"-blkio-weight"}, 0, "Block IO (relative weight), between 10 and 1000")
+	flCPUPeriod := cmd.Int64([]string{"-cpu-period"}, 0, "Limit CPU CFS (Completely Fair Scheduler) period")
+	flCPUQuota := cmd.Int64([]string{"-cpu-quota"}, 0, "Limit CPU CFS (Completely Fair Scheduler) quota")
+	flCpusetCpus := cmd.String([]string{"-cpuset-cpus"}, "", "CPUs in which to allow execution (0-3, 0,1)")
+	flCpusetMems := cmd.String([]string{"-cpuset-mems"}, "", "MEMs in which to allow execution (0-3, 0,1)")
+	flCPUShares := cmd.Int64([]string{"#c", "-cpu-shares"}, 0, "CPU shares (relative weight)")
+	flMemoryString := cmd.String([]string{"m", "-memory"}, "", "Memory limit")
+	flMemoryReservation := cmd.String([]string{"-memory-reservation"}, "", "Memory soft limit")
+	flMemorySwap := cmd.String([]string{"-memory-swap"}, "", "Swap limit equal to memory plus swap: '-1' to enable unlimited swap")
+	flKernelMemory := cmd.String([]string{"-kernel-memory"}, "", "Kernel memory limit")
+	flRestartPolicy := cmd.String([]string{"-restart"}, "", "Restart policy to apply when a container exits")
+
+	cmd.Require(flag.Min, 1)
+	cmd.ParseFlags(args, true)
+	if cmd.NFlag() == 0 {
+		return fmt.Errorf("You must provide one or more flags when using this command.")
+	}
+
+	var err error
+	var flMemory int64
+	if *flMemoryString != "" {
+		flMemory, err = units.RAMInBytes(*flMemoryString)
+		if err != nil {
+			return err
+		}
+	}
+
+	var memoryReservation int64
+	if *flMemoryReservation != "" {
+		memoryReservation, err = units.RAMInBytes(*flMemoryReservation)
+		if err != nil {
+			return err
+		}
+	}
+
+	var memorySwap int64
+	if *flMemorySwap != "" {
+		if *flMemorySwap == "-1" {
+			memorySwap = -1
+		} else {
+			memorySwap, err = units.RAMInBytes(*flMemorySwap)
+			if err != nil {
+				return err
+			}
+		}
+	}
+
+	var kernelMemory int64
+	if *flKernelMemory != "" {
+		kernelMemory, err = units.RAMInBytes(*flKernelMemory)
+		if err != nil {
+			return err
+		}
+	}
+
+	var restartPolicy container.RestartPolicy
+	if *flRestartPolicy != "" {
+		restartPolicy, err = opts.ParseRestartPolicy(*flRestartPolicy)
+		if err != nil {
+			return err
+		}
+	}
+
+	resources := container.Resources{
+		BlkioWeight:       *flBlkioWeight,
+		CpusetCpus:        *flCpusetCpus,
+		CpusetMems:        *flCpusetMems,
+		CPUShares:         *flCPUShares,
+		Memory:            flMemory,
+		MemoryReservation: memoryReservation,
+		MemorySwap:        memorySwap,
+		KernelMemory:      kernelMemory,
+		CPUPeriod:         *flCPUPeriod,
+		CPUQuota:          *flCPUQuota,
+	}
+
+	updateConfig := container.UpdateConfig{
+		Resources:     resources,
+		RestartPolicy: restartPolicy,
+	}
+
+	names := cmd.Args()
+	var errs []string
+	for _, name := range names {
+		if err := cli.client.ContainerUpdate(context.Background(), name, updateConfig); err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(cli.out, "%s\n", name)
+		}
+	}
+
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+
+	return nil
+}
--- a/api/client/utils.go
+++ b/api/client/utils.go
@@ -0,0 +1,202 @@
+package client
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	gosignal "os/signal"
+	"path/filepath"
+	"runtime"
+	"time"
+
+	"golang.org/x/net/context"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/pkg/signal"
+	"github.com/docker/docker/pkg/term"
+	"github.com/docker/docker/registry"
+	"github.com/docker/engine-api/client"
+	"github.com/docker/engine-api/types"
+	registrytypes "github.com/docker/engine-api/types/registry"
+)
+
+func (cli *DockerCli) electAuthServer() string {
+	// The daemon `/info` endpoint informs us of the default registry being
+	// used. This is essential in cross-platforms environment, where for
+	// example a Linux client might be interacting with a Windows daemon, hence
+	// the default registry URL might be Windows specific.
+	serverAddress := registry.IndexServer
+	if info, err := cli.client.Info(context.Background()); err != nil {
+		fmt.Fprintf(cli.out, "Warning: failed to get default registry endpoint from daemon (%v). Using system default: %s\n", err, serverAddress)
+	} else {
+		serverAddress = info.IndexServerAddress
+	}
+	return serverAddress
+}
+
+// encodeAuthToBase64 serializes the auth configuration as JSON base64 payload
+func encodeAuthToBase64(authConfig types.AuthConfig) (string, error) {
+	buf, err := json.Marshal(authConfig)
+	if err != nil {
+		return "", err
+	}
+	return base64.URLEncoding.EncodeToString(buf), nil
+}
+
+func (cli *DockerCli) registryAuthenticationPrivilegedFunc(index *registrytypes.IndexInfo, cmdName string) client.RequestPrivilegeFunc {
+	return func() (string, error) {
+		fmt.Fprintf(cli.out, "\nPlease login prior to %s:\n", cmdName)
+		indexServer := registry.GetAuthConfigKey(index)
+		authConfig, err := cli.configureAuth("", "", indexServer, false)
+		if err != nil {
+			return "", err
+		}
+		return encodeAuthToBase64(authConfig)
+	}
+}
+
+func (cli *DockerCli) resizeTty(id string, isExec bool) {
+	height, width := cli.getTtySize()
+	cli.resizeTtyTo(id, height, width, isExec)
+}
+
+func (cli *DockerCli) resizeTtyTo(id string, height, width int, isExec bool) {
+	if height == 0 && width == 0 {
+		return
+	}
+
+	options := types.ResizeOptions{
+		ID:     id,
+		Height: height,
+		Width:  width,
+	}
+
+	var err error
+	if isExec {
+		err = cli.client.ContainerExecResize(context.Background(), options)
+	} else {
+		err = cli.client.ContainerResize(context.Background(), options)
+	}
+
+	if err != nil {
+		logrus.Debugf("Error resize: %s", err)
+	}
+}
+
+// getExitCode perform an inspect on the container. It returns
+// the running state and the exit code.
+func getExitCode(cli *DockerCli, containerID string) (bool, int, error) {
+	c, err := cli.client.ContainerInspect(context.Background(), containerID)
+	if err != nil {
+		// If we can't connect, then the daemon probably died.
+		if err != client.ErrConnectionFailed {
+			return false, -1, err
+		}
+		return false, -1, nil
+	}
+
+	return c.State.Running, c.State.ExitCode, nil
+}
+
+// getExecExitCode perform an inspect on the exec command. It returns
+// the running state and the exit code.
+func getExecExitCode(cli *DockerCli, execID string) (bool, int, error) {
+	resp, err := cli.client.ContainerExecInspect(context.Background(), execID)
+	if err != nil {
+		// If we can't connect, then the daemon probably died.
+		if err != client.ErrConnectionFailed {
+			return false, -1, err
+		}
+		return false, -1, nil
+	}
+
+	return resp.Running, resp.ExitCode, nil
+}
+
+func (cli *DockerCli) monitorTtySize(id string, isExec bool) error {
+	cli.resizeTty(id, isExec)
+
+	if runtime.GOOS == "windows" {
+		go func() {
+			prevH, prevW := cli.getTtySize()
+			for {
+				time.Sleep(time.Millisecond * 250)
+				h, w := cli.getTtySize()
+
+				if prevW != w || prevH != h {
+					cli.resizeTty(id, isExec)
+				}
+				prevH = h
+				prevW = w
+			}
+		}()
+	} else {
+		sigchan := make(chan os.Signal, 1)
+		gosignal.Notify(sigchan, signal.SIGWINCH)
+		go func() {
+			for range sigchan {
+				cli.resizeTty(id, isExec)
+			}
+		}()
+	}
+	return nil
+}
+
+func (cli *DockerCli) getTtySize() (int, int) {
+	if !cli.isTerminalOut {
+		return 0, 0
+	}
+	ws, err := term.GetWinsize(cli.outFd)
+	if err != nil {
+		logrus.Debugf("Error getting size: %s", err)
+		if ws == nil {
+			return 0, 0
+		}
+	}
+	return int(ws.Height), int(ws.Width)
+}
+
+func copyToFile(outfile string, r io.Reader) error {
+	tmpFile, err := ioutil.TempFile(filepath.Dir(outfile), ".docker_temp_")
+	if err != nil {
+		return err
+	}
+
+	tmpPath := tmpFile.Name()
+
+	_, err = io.Copy(tmpFile, r)
+	tmpFile.Close()
+
+	if err != nil {
+		os.Remove(tmpPath)
+		return err
+	}
+
+	if err = os.Rename(tmpPath, outfile); err != nil {
+		os.Remove(tmpPath)
+		return err
+	}
+
+	return nil
+}
+
+// resolveAuthConfig is like registry.ResolveAuthConfig, but if using the
+// default index, it uses the default index name for the daemon's platform,
+// not the client's platform.
+func (cli *DockerCli) resolveAuthConfig(index *registrytypes.IndexInfo) types.AuthConfig {
+	configKey := index.Name
+	if index.Official {
+		configKey = cli.electAuthServer()
+	}
+
+	a, _ := getCredentials(cli.configFile, configKey)
+	return a
+}
+
+func (cli *DockerCli) retrieveAuthConfigs() map[string]types.AuthConfig {
+	acs, _ := getAllCredentials(cli.configFile)
+	return acs
+}
--- a/api/client/version.go
+++ b/api/client/version.go
@@ -0,0 +1,95 @@
+package client
+
+import (
+	"runtime"
+	"text/template"
+	"time"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/dockerversion"
+	flag "github.com/docker/docker/pkg/mflag"
+	"github.com/docker/docker/utils"
+	"github.com/docker/docker/utils/templates"
+	"github.com/docker/engine-api/types"
+)
+
+var versionTemplate = `Client:
+ Version:      {{.Client.Version}}
+ API version:  {{.Client.APIVersion}}
+ Go version:   {{.Client.GoVersion}}
+ Git commit:   {{.Client.GitCommit}}
+ Built:        {{.Client.BuildTime}}
+ OS/Arch:      {{.Client.Os}}/{{.Client.Arch}}{{if .Client.Experimental}}
+ Experimental: {{.Client.Experimental}}{{end}}{{if .ServerOK}}
+
+Server:
+ Version:      {{.Server.Version}}
+ API version:  {{.Server.APIVersion}}
+ Go version:   {{.Server.GoVersion}}
+ Git commit:   {{.Server.GitCommit}}
+ Built:        {{.Server.BuildTime}}
+ OS/Arch:      {{.Server.Os}}/{{.Server.Arch}}{{if .Server.Experimental}}
+ Experimental: {{.Server.Experimental}}{{end}}{{end}}`
+
+// CmdVersion shows Docker version information.
+//
+// Available version information is shown for: client Docker version, client API version, client Go version, client Git commit, client OS/Arch, server Docker version, server API version, server Go version, server Git commit, and server OS/Arch.
+//
+// Usage: docker version
+func (cli *DockerCli) CmdVersion(args ...string) (err error) {
+	cmd := Cli.Subcmd("version", nil, Cli.DockerCommands["version"].Description, true)
+	tmplStr := cmd.String([]string{"f", "#format", "-format"}, "", "Format the output using the given go template")
+	cmd.Require(flag.Exact, 0)
+
+	cmd.ParseFlags(args, true)
+
+	templateFormat := versionTemplate
+	if *tmplStr != "" {
+		templateFormat = *tmplStr
+	}
+
+	var tmpl *template.Template
+	if tmpl, err = templates.Parse(templateFormat); err != nil {
+		return Cli.StatusError{StatusCode: 64,
+			Status: "Template parsing error: " + err.Error()}
+	}
+
+	vd := types.VersionResponse{
+		Client: &types.Version{
+			Version:      dockerversion.Version,
+			APIVersion:   cli.client.ClientVersion(),
+			GoVersion:    runtime.Version(),
+			GitCommit:    dockerversion.GitCommit,
+			BuildTime:    dockerversion.BuildTime,
+			Os:           runtime.GOOS,
+			Arch:         runtime.GOARCH,
+			Experimental: utils.ExperimentalBuild(),
+		},
+	}
+
+	serverVersion, err := cli.client.ServerVersion(context.Background())
+	if err == nil {
+		vd.Server = &serverVersion
+	}
+
+	// first we need to make BuildTime more human friendly
+	t, errTime := time.Parse(time.RFC3339Nano, vd.Client.BuildTime)
+	if errTime == nil {
+		vd.Client.BuildTime = t.Format(time.ANSIC)
+	}
+
+	if vd.ServerOK() {
+		t, errTime = time.Parse(time.RFC3339Nano, vd.Server.BuildTime)
+		if errTime == nil {
+			vd.Server.BuildTime = t.Format(time.ANSIC)
+		}
+	}
+
+	if err2 := tmpl.Execute(cli.out, vd); err2 != nil && err == nil {
+		err = err2
+	}
+	cli.out.Write([]byte{'\n'})
+	return err
+}
--- a/api/client/volume.go
+++ b/api/client/volume.go
@@ -0,0 +1,177 @@
+package client
+
+import (
+	"fmt"
+	"sort"
+	"text/tabwriter"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	"github.com/docker/docker/opts"
+	flag "github.com/docker/docker/pkg/mflag"
+	runconfigopts "github.com/docker/docker/runconfig/opts"
+	"github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/filters"
+)
+
+// CmdVolume is the parent subcommand for all volume commands
+//
+// Usage: docker volume <COMMAND> <OPTS>
+func (cli *DockerCli) CmdVolume(args ...string) error {
+	description := Cli.DockerCommands["volume"].Description + "\n\nCommands:\n"
+	commands := [][]string{
+		{"create", "Create a volume"},
+		{"inspect", "Return low-level information on a volume"},
+		{"ls", "List volumes"},
+		{"rm", "Remove a volume"},
+	}
+
+	for _, cmd := range commands {
+		description += fmt.Sprintf("  %-25.25s%s\n", cmd[0], cmd[1])
+	}
+
+	description += "\nRun 'docker volume COMMAND --help' for more information on a command"
+	cmd := Cli.Subcmd("volume", []string{"[COMMAND]"}, description, false)
+
+	cmd.Require(flag.Exact, 0)
+	err := cmd.ParseFlags(args, true)
+	cmd.Usage()
+	return err
+}
+
+// CmdVolumeLs outputs a list of Docker volumes.
+//
+// Usage: docker volume ls [OPTIONS]
+func (cli *DockerCli) CmdVolumeLs(args ...string) error {
+	cmd := Cli.Subcmd("volume ls", nil, "List volumes", true)
+
+	quiet := cmd.Bool([]string{"q", "-quiet"}, false, "Only display volume names")
+	flFilter := opts.NewListOpts(nil)
+	cmd.Var(&flFilter, []string{"f", "-filter"}, "Provide filter values (i.e. 'dangling=true')")
+
+	cmd.Require(flag.Exact, 0)
+	cmd.ParseFlags(args, true)
+
+	volFilterArgs := filters.NewArgs()
+	for _, f := range flFilter.GetAll() {
+		var err error
+		volFilterArgs, err = filters.ParseFlag(f, volFilterArgs)
+		if err != nil {
+			return err
+		}
+	}
+
+	volumes, err := cli.client.VolumeList(context.Background(), volFilterArgs)
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(cli.out, 20, 1, 3, ' ', 0)
+	if !*quiet {
+		for _, warn := range volumes.Warnings {
+			fmt.Fprintln(cli.err, warn)
+		}
+		fmt.Fprintf(w, "DRIVER \tVOLUME NAME")
+		fmt.Fprintf(w, "\n")
+	}
+
+	sort.Sort(byVolumeName(volumes.Volumes))
+	for _, vol := range volumes.Volumes {
+		if *quiet {
+			fmt.Fprintln(w, vol.Name)
+			continue
+		}
+		fmt.Fprintf(w, "%s\t%s\n", vol.Driver, vol.Name)
+	}
+	w.Flush()
+	return nil
+}
+
+type byVolumeName []*types.Volume
+
+func (r byVolumeName) Len() int      { return len(r) }
+func (r byVolumeName) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
+func (r byVolumeName) Less(i, j int) bool {
+	return r[i].Name < r[j].Name
+}
+
+// CmdVolumeInspect displays low-level information on one or more volumes.
+//
+// Usage: docker volume inspect [OPTIONS] VOLUME [VOLUME...]
+func (cli *DockerCli) CmdVolumeInspect(args ...string) error {
+	cmd := Cli.Subcmd("volume inspect", []string{"VOLUME [VOLUME...]"}, "Return low-level information on a volume", true)
+	tmplStr := cmd.String([]string{"f", "-format"}, "", "Format the output using the given go template")
+
+	cmd.Require(flag.Min, 1)
+	cmd.ParseFlags(args, true)
+
+	if err := cmd.Parse(args); err != nil {
+		return nil
+	}
+
+	inspectSearcher := func(name string) (interface{}, []byte, error) {
+		i, err := cli.client.VolumeInspect(context.Background(), name)
+		return i, nil, err
+	}
+
+	return cli.inspectElements(*tmplStr, cmd.Args(), inspectSearcher)
+}
+
+// CmdVolumeCreate creates a new volume.
+//
+// Usage: docker volume create [OPTIONS]
+func (cli *DockerCli) CmdVolumeCreate(args ...string) error {
+	cmd := Cli.Subcmd("volume create", nil, "Create a volume", true)
+	flDriver := cmd.String([]string{"d", "-driver"}, "local", "Specify volume driver name")
+	flName := cmd.String([]string{"-name"}, "", "Specify volume name")
+
+	flDriverOpts := opts.NewMapOpts(nil, nil)
+	cmd.Var(flDriverOpts, []string{"o", "-opt"}, "Set driver specific options")
+
+	flLabels := opts.NewListOpts(nil)
+	cmd.Var(&flLabels, []string{"-label"}, "Set metadata for a volume")
+
+	cmd.Require(flag.Exact, 0)
+	cmd.ParseFlags(args, true)
+
+	volReq := types.VolumeCreateRequest{
+		Driver:     *flDriver,
+		DriverOpts: flDriverOpts.GetAll(),
+		Name:       *flName,
+		Labels:     runconfigopts.ConvertKVStringsToMap(flLabels.GetAll()),
+	}
+
+	vol, err := cli.client.VolumeCreate(context.Background(), volReq)
+	if err != nil {
+		return err
+	}
+
+	fmt.Fprintf(cli.out, "%s\n", vol.Name)
+	return nil
+}
+
+// CmdVolumeRm removes one or more volumes.
+//
+// Usage: docker volume rm VOLUME [VOLUME...]
+func (cli *DockerCli) CmdVolumeRm(args ...string) error {
+	cmd := Cli.Subcmd("volume rm", []string{"VOLUME [VOLUME...]"}, "Remove a volume", true)
+	cmd.Require(flag.Min, 1)
+	cmd.ParseFlags(args, true)
+
+	var status = 0
+
+	for _, name := range cmd.Args() {
+		if err := cli.client.VolumeRemove(context.Background(), name); err != nil {
+			fmt.Fprintf(cli.err, "%s\n", err)
+			status = 1
+			continue
+		}
+		fmt.Fprintf(cli.out, "%s\n", name)
+	}
+
+	if status != 0 {
+		return Cli.StatusError{StatusCode: status}
+	}
+	return nil
+}
--- a/api/client/wait.go
+++ b/api/client/wait.go
@@ -0,0 +1,37 @@
+package client
+
+import (
+	"fmt"
+	"strings"
+
+	"golang.org/x/net/context"
+
+	Cli "github.com/docker/docker/cli"
+	flag "github.com/docker/docker/pkg/mflag"
+)
+
+// CmdWait blocks until a container stops, then prints its exit code.
+//
+// If more than one container is specified, this will wait synchronously on each container.
+//
+// Usage: docker wait CONTAINER [CONTAINER...]
+func (cli *DockerCli) CmdWait(args ...string) error {
+	cmd := Cli.Subcmd("wait", []string{"CONTAINER [CONTAINER...]"}, Cli.DockerCommands["wait"].Description, true)
+	cmd.Require(flag.Min, 1)
+
+	cmd.ParseFlags(args, true)
+
+	var errs []string
+	for _, name := range cmd.Args() {
+		status, err := cli.client.ContainerWait(context.Background(), name)
+		if err != nil {
+			errs = append(errs, err.Error())
+		} else {
+			fmt.Fprintf(cli.out, "%d\n", status)
+		}
+	}
+	if len(errs) > 0 {
+		return fmt.Errorf("%s", strings.Join(errs, "\n"))
+	}
+	return nil
+}
--- a/api/common.go
+++ b/api/common.go
@@ -1,27 +1,27 @@
 package api

 import (
-	"encoding/json"
-	"encoding/pem"
 	"fmt"
 	"mime"
-	"os"
 	"path/filepath"
 	"sort"
 	"strconv"
 	"strings"

 	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/system"
+	"github.com/docker/docker/pkg/version"
+	"github.com/docker/engine-api/types"
 	"github.com/docker/libtrust"
 )

 // Common constants for daemon and client.
 const (
-	// DefaultVersion of Current REST API
-	DefaultVersion string = "1.26"
+	// Version of Current REST API
+	DefaultVersion version.Version = "1.23"
+
+	// MinVersion represents Minimum REST API version supported
+	MinVersion version.Version = "1.12"

 	// NoBaseImageSpecifier is the symbol used by the FROM
 	// command to specify that no base image is to be used.
@@ -54,8 +54,8 @@ func (r byPortInfo) Less(i, j int) bool {
 // it's used by command 'docker ps'
 func DisplayablePorts(ports []types.Port) string {
 	type portGroup struct {
-		first uint16
-		last  uint16
+		first int
+		last  int
 	}
 	groupMap := make(map[string]*portGroup)
 	var result []string
@@ -96,7 +96,7 @@ func DisplayablePorts(ports []types.Port) string {
 	return strings.Join(result, ", ")
 }

-func formGroup(key string, start, last uint16) string {
+func formGroup(key string, start, last int) string {
 	parts := strings.Split(key, "/")
 	groupType := parts[0]
 	var ip string
@@ -104,7 +104,7 @@ func formGroup(key string, start, last uint16) string {
 		ip = parts[0]
 		groupType = parts[1]
 	}
-	group := strconv.Itoa(int(start))
+	group := strconv.Itoa(start)
 	if start != last {
 		group = fmt.Sprintf("%s-%d", group, last)
 	}
@@ -136,11 +136,7 @@ func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
 		if err != nil {
 			return nil, fmt.Errorf("Error generating key: %s", err)
 		}
-		encodedKey, err := serializePrivateKey(trustKey, filepath.Ext(trustKeyPath))
-		if err != nil {
-			return nil, fmt.Errorf("Error serializing key: %s", err)
-		}
-		if err := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); err != nil {
+		if err := libtrust.SaveKey(trustKeyPath, trustKey); err != nil {
 			return nil, fmt.Errorf("Error saving key file: %s", err)
 		}
 	} else if err != nil {
@@ -148,19 +144,3 @@ func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
 	}
 	return trustKey, nil
 }
-
-func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {
-	if ext == ".json" || ext == ".jwk" {
-		encoded, err = json.Marshal(key)
-		if err != nil {
-			return nil, fmt.Errorf("unable to encode private key JWK: %s", err)
-		}
-	} else {
-		pemBlock, err := key.PEMBlock()
-		if err != nil {
-			return nil, fmt.Errorf("unable to encode private key PEM: %s", err)
-		}
-		encoded = pem.EncodeToMemory(pemBlock)
-	}
-	return
-}
--- a/api/common_test.go
+++ b/api/common_test.go
@@ -7,7 +7,7 @@ import (

 	"os"

-	"github.com/docker/docker/api/types"
+	"github.com/docker/engine-api/types"
 )

 type ports struct {
--- a/api/common_unix.go
+++ b/api/common_unix.go
@@ -1,6 +0,0 @@
-// +build !windows
-
-package api
-
-// MinVersion represents Minimum REST API version supported
-const MinVersion string = "1.12"
--- a/api/common_windows.go
+++ b/api/common_windows.go
@@ -1,8 +0,0 @@
-package api
-
-// MinVersion represents Minimum REST API version supported
-// Technically the first daemon API version released on Windows is v1.25 in
-// engine version 1.13. However, some clients are explicitly using downlevel
-// APIs (eg docker-compose v2.1 file format) and that is just too restrictive.
-// Hence also allowing 1.24 on Windows.
-const MinVersion string = "1.24"
--- a/api/errors/errors.go
+++ b/api/errors/errors.go
@@ -1,47 +0,0 @@
-package errors
-
-import "net/http"
-
-// apiError is an error wrapper that also
-// holds information about response status codes.
-type apiError struct {
-	error
-	statusCode int
-}
-
-// HTTPErrorStatusCode returns a status code.
-func (e apiError) HTTPErrorStatusCode() int {
-	return e.statusCode
-}
-
-// NewErrorWithStatusCode allows you to associate
-// a specific HTTP Status Code to an error.
-// The Server will take that code and set
-// it as the response status.
-func NewErrorWithStatusCode(err error, code int) error {
-	return apiError{err, code}
-}
-
-// NewBadRequestError creates a new API error
-// that has the 400 HTTP status code associated to it.
-func NewBadRequestError(err error) error {
-	return NewErrorWithStatusCode(err, http.StatusBadRequest)
-}
-
-// NewRequestForbiddenError creates a new API error
-// that has the 403 HTTP status code associated to it.
-func NewRequestForbiddenError(err error) error {
-	return NewErrorWithStatusCode(err, http.StatusForbidden)
-}
-
-// NewRequestNotFoundError creates a new API error
-// that has the 404 HTTP status code associated to it.
-func NewRequestNotFoundError(err error) error {
-	return NewErrorWithStatusCode(err, http.StatusNotFound)
-}
-
-// NewRequestConflictError creates a new API error
-// that has the 409 HTTP status code associated to it.
-func NewRequestConflictError(err error) error {
-	return NewErrorWithStatusCode(err, http.StatusConflict)
-}
--- a/api/server/httputils/decoder.go
+++ b/api/server/httputils/decoder.go
@@ -1,16 +0,0 @@
-package httputils
-
-import (
-	"io"
-
-	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/api/types/network"
-)
-
-// ContainerDecoder specifies how
-// to translate an io.Reader into
-// container configuration.
-type ContainerDecoder interface {
-	DecodeConfig(src io.Reader) (*container.Config, *container.HostConfig, *network.NetworkingConfig, error)
-	DecodeHostConfig(src io.Reader) (*container.HostConfig, error)
-}
--- a/api/server/httputils/errors.go
+++ b/api/server/httputils/errors.go
@@ -5,10 +5,6 @@ import (
 	"strings"

 	"github.com/Sirupsen/logrus"
-	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/api/types/versions"
-	"github.com/gorilla/mux"
-	"google.golang.org/grpc"
 )

 // httpStatusError is an interface
@@ -28,11 +24,11 @@ type inputValidationError interface {
 	IsValidationError() bool
 }

-// GetHTTPErrorStatusCode retrieves status code from error message
-func GetHTTPErrorStatusCode(err error) int {
-	if err == nil {
-		logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling")
-		return http.StatusInternalServerError
+// WriteError decodes a specific docker error and sends it in the response.
+func WriteError(w http.ResponseWriter, err error) {
+	if err == nil || w == nil {
+		logrus.WithFields(logrus.Fields{"error": err, "writer": w}).Error("unexpected HTTP error handling")
+		return
 	}

 	var statusCode int
@@ -49,25 +45,17 @@ func GetHTTPErrorStatusCode(err error) int {
 		// If we need to differentiate between different possible error types,
 		// we should create appropriate error types that implement the httpStatusError interface.
 		errStr := strings.ToLower(errMsg)
-		for _, status := range []struct {
-			keyword string
-			code    int
-		}{
-			{"not found", http.StatusNotFound},
-			{"no such", http.StatusNotFound},
-			{"bad parameter", http.StatusBadRequest},
-			{"no command", http.StatusBadRequest},
-			{"conflict", http.StatusConflict},
-			{"impossible", http.StatusNotAcceptable},
-			{"wrong login/password", http.StatusUnauthorized},
-			{"unauthorized", http.StatusUnauthorized},
-			{"hasn't been activated", http.StatusForbidden},
-			{"this node", http.StatusServiceUnavailable},
-			{"needs to be unlocked", http.StatusServiceUnavailable},
-			{"certificates have expired", http.StatusServiceUnavailable},
+		for keyword, status := range map[string]int{
+			"not found":             http.StatusNotFound,
+			"no such":               http.StatusNotFound,
+			"bad parameter":         http.StatusBadRequest,
+			"conflict":              http.StatusConflict,
+			"impossible":            http.StatusNotAcceptable,
+			"wrong login/password":  http.StatusUnauthorized,
+			"hasn't been activated": http.StatusForbidden,
 		} {
-			if strings.Contains(errStr, status.keyword) {
-				statusCode = status.code
+			if strings.Contains(errStr, keyword) {
+				statusCode = status
 				break
 			}
 		}
@@ -77,27 +65,5 @@ func GetHTTPErrorStatusCode(err error) int {
 		statusCode = http.StatusInternalServerError
 	}

-	return statusCode
-}
-
-func apiVersionSupportsJSONErrors(version string) bool {
-	const firstAPIVersionWithJSONErrors = "1.23"
-	return version == "" || versions.GreaterThan(version, firstAPIVersionWithJSONErrors)
-}
-
-// MakeErrorHandler makes an HTTP handler that decodes a Docker error and
-// returns it in the response.
-func MakeErrorHandler(err error) http.HandlerFunc {
-	return func(w http.ResponseWriter, r *http.Request) {
-		statusCode := GetHTTPErrorStatusCode(err)
-		vars := mux.Vars(r)
-		if apiVersionSupportsJSONErrors(vars["version"]) {
-			response := &types.ErrorResponse{
-				Message: err.Error(),
-			}
-			WriteJSON(w, statusCode, response)
-		} else {
-			http.Error(w, grpc.ErrorDesc(err), statusCode)
-		}
-	}
+	http.Error(w, errMsg, statusCode)
 }
--- a/api/server/httputils/httputils.go
+++ b/api/server/httputils/httputils.go
@@ -1,6 +1,7 @@
 package httputils

 import (
+	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
@@ -9,6 +10,7 @@ import (
 	"golang.org/x/net/context"

 	"github.com/docker/docker/api"
+	"github.com/docker/docker/pkg/version"
 )

 // APIVersionKey is the client's requested API version.
@@ -18,7 +20,7 @@ const APIVersionKey = "api-version"
 const UAStringKey = "upstream-user-agent"

 // APIFunc is an adapter to allow the use of ordinary functions as Docker API endpoints.
-// Any function that has the appropriate signature can be registered as an API endpoint (e.g. getVersion).
+// Any function that has the appropriate signature can be registered as a API endpoint (e.g. getVersion).
 type APIFunc func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error

 // HijackConnection interrupts the http response writer to get the
@@ -76,9 +78,24 @@ func ParseForm(r *http.Request) error {
 	return nil
 }

+// ParseMultipartForm ensures the request form is parsed, even with invalid content types.
+func ParseMultipartForm(r *http.Request) error {
+	if err := r.ParseMultipartForm(4096); err != nil && !strings.HasPrefix(err.Error(), "mime:") {
+		return err
+	}
+	return nil
+}
+
+// WriteJSON writes the value v to the http response stream as json with standard json encoding.
+func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
+	w.Header().Set("Content-Type", "application/json")
+	w.WriteHeader(code)
+	return json.NewEncoder(w).Encode(v)
+}
+
 // VersionFromContext returns an API version from the context using APIVersionKey.
 // It panics if the context value does not have version.Version type.
-func VersionFromContext(ctx context.Context) (ver string) {
+func VersionFromContext(ctx context.Context) (ver version.Version) {
 	if ctx == nil {
 		return
 	}
@@ -86,5 +103,5 @@ func VersionFromContext(ctx context.Context) (ver string) {
 	if val == nil {
 		return
 	}
-	return val.(string)
+	return val.(version.Version)
 }
--- a/api/server/httputils/httputils_write_json.go
+++ b/api/server/httputils/httputils_write_json.go
@@ -1,17 +0,0 @@
-// +build go1.7
-
-package httputils
-
-import (
-	"encoding/json"
-	"net/http"
-)
-
-// WriteJSON writes the value v to the http response stream as json with standard json encoding.
-func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
-	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(code)
-	enc := json.NewEncoder(w)
-	enc.SetEscapeHTML(false)
-	return enc.Encode(v)
-}
--- a/api/server/httputils/httputils_write_json_go16.go
+++ b/api/server/httputils/httputils_write_json_go16.go
@@ -1,16 +0,0 @@
-// +build go1.6,!go1.7
-
-package httputils
-
-import (
-	"encoding/json"
-	"net/http"
-)
-
-// WriteJSON writes the value v to the http response stream as json with standard json encoding.
-func WriteJSON(w http.ResponseWriter, code int, v interface{}) error {
-	w.Header().Set("Content-Type", "application/json")
-	w.WriteHeader(code)
-	enc := json.NewEncoder(w)
-	return enc.Encode(v)
-}
--- a/api/server/middleware.go
+++ b/api/server/middleware.go
@@ -2,23 +2,40 @@ package server

 import (
 	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/server/httputils"
 	"github.com/docker/docker/api/server/middleware"
+	"github.com/docker/docker/dockerversion"
+	"github.com/docker/docker/pkg/authorization"
 )

-// handlerWithGlobalMiddlewares wraps the handler function for a request with
+// handleWithGlobalMiddlwares wraps the handler function for a request with
 // the server's global middlewares. The order of the middlewares is backwards,
 // meaning that the first in the list will be evaluated last.
-func (s *Server) handlerWithGlobalMiddlewares(handler httputils.APIFunc) httputils.APIFunc {
+func (s *Server) handleWithGlobalMiddlewares(handler httputils.APIFunc) httputils.APIFunc {
 	next := handler

-	for _, m := range s.middlewares {
-		next = m.WrapHandler(next)
+	handleVersion := middleware.NewVersionMiddleware(dockerversion.Version, api.DefaultVersion, api.MinVersion)
+	next = handleVersion(next)
+
+	if s.cfg.EnableCors {
+		handleCORS := middleware.NewCORSMiddleware(s.cfg.CorsHeaders)
+		next = handleCORS(next)
 	}

+	handleUserAgent := middleware.NewUserAgentMiddleware(s.cfg.Version)
+	next = handleUserAgent(next)
+
+	// Only want this on debug level
 	if s.cfg.Logging && logrus.GetLevel() == logrus.DebugLevel {
 		next = middleware.DebugRequestMiddleware(next)
 	}

+	if len(s.cfg.AuthorizationPluginNames) > 0 {
+		s.authZPlugins = authorization.NewPlugins(s.cfg.AuthorizationPluginNames)
+		handleAuthorization := middleware.NewAuthorizationMiddleware(s.authZPlugins)
+		next = handleAuthorization(next)
+	}
+
 	return next
 }
--- a/api/server/middleware/authorization.go
+++ b/api/server/middleware/authorization.go
@@ -0,0 +1,42 @@
+package middleware
+
+import (
+	"net/http"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/pkg/authorization"
+	"golang.org/x/net/context"
+)
+
+// NewAuthorizationMiddleware creates a new Authorization middleware.
+func NewAuthorizationMiddleware(plugins []authorization.Plugin) Middleware {
+	return func(handler httputils.APIFunc) httputils.APIFunc {
+		return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+			// FIXME: fill when authN gets in
+			// User and UserAuthNMethod are taken from AuthN plugins
+			// Currently tracked in https://github.com/docker/docker/pull/13994
+			user := ""
+			userAuthNMethod := ""
+			authCtx := authorization.NewCtx(plugins, user, userAuthNMethod, r.Method, r.RequestURI)
+
+			if err := authCtx.AuthZRequest(w, r); err != nil {
+				logrus.Errorf("AuthZRequest for %s %s returned error: %s", r.Method, r.RequestURI, err)
+				return err
+			}
+
+			rw := authorization.NewResponseModifier(w)
+
+			if err := handler(ctx, rw, r, vars); err != nil {
+				logrus.Errorf("Handler for %s %s returned error: %s", r.Method, r.RequestURI, err)
+				return err
+			}
+
+			if err := authCtx.AuthZResponse(rw, r); err != nil {
+				logrus.Errorf("AuthZResponse for %s %s returned error: %s", r.Method, r.RequestURI, err)
+				return err
+			}
+			return nil
+		}
+	}
+}
--- a/api/server/middleware/cors.go
+++ b/api/server/middleware/cors.go
@@ -4,34 +4,30 @@ import (
 	"net/http"

 	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/server/httputils"
 	"golang.org/x/net/context"
 )

-// CORSMiddleware injects CORS headers to each request
-// when it's configured.
-type CORSMiddleware struct {
-	defaultHeaders string
-}
+// NewCORSMiddleware creates a new CORS middleware.
+func NewCORSMiddleware(defaultHeaders string) Middleware {
+	return func(handler httputils.APIFunc) httputils.APIFunc {
+		return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+			// If "api-cors-header" is not given, but "api-enable-cors" is true, we set cors to "*"
+			// otherwise, all head values will be passed to HTTP handler
+			corsHeaders := defaultHeaders
+			if corsHeaders == "" {
+				corsHeaders = "*"
+			}

-// NewCORSMiddleware creates a new CORSMiddleware with default headers.
-func NewCORSMiddleware(d string) CORSMiddleware {
-	return CORSMiddleware{defaultHeaders: d}
-}
-
-// WrapHandler returns a new handler function wrapping the previous one in the request chain.
-func (c CORSMiddleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-		// If "api-cors-header" is not given, but "api-enable-cors" is true, we set cors to "*"
-		// otherwise, all head values will be passed to HTTP handler
-		corsHeaders := c.defaultHeaders
-		if corsHeaders == "" {
-			corsHeaders = "*"
+			writeCorsHeaders(w, r, corsHeaders)
+			return handler(ctx, w, r, vars)
 		}
-
-		logrus.Debugf("CORS header is enabled and set to: %s", corsHeaders)
-		w.Header().Add("Access-Control-Allow-Origin", corsHeaders)
-		w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth")
-		w.Header().Add("Access-Control-Allow-Methods", "HEAD, GET, POST, DELETE, PUT, OPTIONS")
-		return handler(ctx, w, r, vars)
 	}
 }
+
+func writeCorsHeaders(w http.ResponseWriter, r *http.Request, corsHeaders string) {
+	logrus.Debugf("CORS header is enabled and set to: %s", corsHeaders)
+	w.Header().Add("Access-Control-Allow-Origin", corsHeaders)
+	w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Registry-Auth")
+	w.Header().Add("Access-Control-Allow-Methods", "HEAD, GET, POST, DELETE, PUT, OPTIONS")
+}
--- a/api/server/middleware/debug.go
+++ b/api/server/middleware/debug.go
@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"io"
 	"net/http"
-	"strings"

 	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/api/server/httputils"
@@ -14,7 +13,7 @@ import (
 )

 // DebugRequestMiddleware dumps the request to logger
-func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+func DebugRequestMiddleware(handler httputils.APIFunc) httputils.APIFunc {
 	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
 		logrus.Debugf("Calling %s %s", r.Method, r.RequestURI)

@@ -41,7 +40,9 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri

 		var postForm map[string]interface{}
 		if err := json.Unmarshal(b, &postForm); err == nil {
-			maskSecretKeys(postForm)
+			if _, exists := postForm["password"]; exists {
+				postForm["password"] = "*****"
+			}
 			formStr, errMarshal := json.Marshal(postForm)
 			if errMarshal == nil {
 				logrus.Debugf("form data: %s", string(formStr))
@@ -53,24 +54,3 @@ func DebugRequestMiddleware(handler func(ctx context.Context, w http.ResponseWri
 		return handler(ctx, w, r, vars)
 	}
 }
-
-func maskSecretKeys(inp interface{}) {
-	if arr, ok := inp.([]interface{}); ok {
-		for _, f := range arr {
-			maskSecretKeys(f)
-		}
-		return
-	}
-	if form, ok := inp.(map[string]interface{}); ok {
-	loop0:
-		for k, v := range form {
-			for _, m := range []string{"password", "secret", "jointoken", "unlockkey"} {
-				if strings.EqualFold(m, k) {
-					form[k] = "*****"
-					continue loop0
-				}
-			}
-			maskSecretKeys(v)
-		}
-	}
-}
--- a/api/server/middleware/experimental.go
+++ b/api/server/middleware/experimental.go
@@ -1,29 +0,0 @@
-package middleware
-
-import (
-	"net/http"
-
-	"golang.org/x/net/context"
-)
-
-// ExperimentalMiddleware is a the middleware in charge of adding the
-// 'Docker-Experimental' header to every outgoing request
-type ExperimentalMiddleware struct {
-	experimental string
-}
-
-// NewExperimentalMiddleware creates a new ExperimentalMiddleware
-func NewExperimentalMiddleware(experimentalEnabled bool) ExperimentalMiddleware {
-	if experimentalEnabled {
-		return ExperimentalMiddleware{"true"}
-	}
-	return ExperimentalMiddleware{"false"}
-}
-
-// WrapHandler returns a new handler function wrapping the previous one in the request chain.
-func (e ExperimentalMiddleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-	return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
-		w.Header().Set("Docker-Experimental", e.experimental)
-		return handler(ctx, w, r, vars)
-	}
-}
--- a/api/server/middleware/middleware.go
+++ b/api/server/middleware/middleware.go
@@ -1,13 +1,7 @@
 package middleware

-import (
-	"net/http"
+import "github.com/docker/docker/api/server/httputils"

-	"golang.org/x/net/context"
-)
-
-// Middleware is an interface to allow the use of ordinary functions as Docker API filters.
-// Any struct that has the appropriate signature can be registered as a middleware.
-type Middleware interface {
-	WrapHandler(func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error
-}
+// Middleware is an adapter to allow the use of ordinary functions as Docker API filters.
+// Any function that has the appropriate signature can be registered as a middleware.
+type Middleware func(handler httputils.APIFunc) httputils.APIFunc
--- a/api/server/middleware/user_agent.go
+++ b/api/server/middleware/user_agent.go
@@ -0,0 +1,37 @@
+package middleware
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/Sirupsen/logrus"
+	"github.com/docker/docker/api/server/httputils"
+	"github.com/docker/docker/pkg/version"
+	"golang.org/x/net/context"
+)
+
+// NewUserAgentMiddleware creates a new UserAgent middleware.
+func NewUserAgentMiddleware(versionCheck string) Middleware {
+	serverVersion := version.Version(versionCheck)
+
+	return func(handler httputils.APIFunc) httputils.APIFunc {
+		return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {
+			ctx = context.WithValue(ctx, httputils.UAStringKey, r.Header.Get("User-Agent"))
+
+			if strings.Contains(r.Header.Get("User-Agent"), "Docker-Client/") {
+				userAgent := strings.Split(r.Header.Get("User-Agent"), "/")
+
+				// v1.20 onwards includes the GOOS of the client after the version
+				// such as Docker/1.7.0 (linux)
+				if len(userAgent) == 2 && strings.Contains(userAgent[1], " ") {
+					userAgent[1] = strings.Split(userAgent[1], " ")[0]
+				}
+
+				if len(userAgent) == 2 && !serverVersion.Equal(version.Version(userAgent[1])) {
+					logrus.Debugf("Client and server don't have the same version (client: %s, server: %s)", userAgent[1], serverVersion)
+				}
+			}
+			return handler(ctx, w, r, vars)
+		}
+	}
+}
--- a/Show More
+++ b/Show More