Merge component 'cli' from git@github.com:docker/cli master

components/cli/cli/command/cli.go

@@ -18,11 +18,11 @@ import (
 	"github.com/docker/docker/client"
 	"github.com/docker/go-connections/sockets"
 	"github.com/docker/go-connections/tlsconfig"
-	"github.com/docker/notary"
-	notaryclient "github.com/docker/notary/client"
-	"github.com/docker/notary/passphrase"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
+	"github.com/theupdateframework/notary"
+	notaryclient "github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/passphrase"
 	"golang.org/x/net/context"
 )
 

components/cli/cli/command/image/trust.go

@@ -14,11 +14,11 @@ import (
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/registry"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/tuf/data"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/tuf/data"
 	"golang.org/x/net/context"
 )
 
@@ -148,7 +148,7 @@ func PushTrustedReference(streams command.Streams, repoInfo *registry.Repository
 		return trust.NotaryError(repoInfo.Name.Name(), err)
 	}
 
-	fmt.Fprintf(streams.Out(), "Successfully signed %q:%s\n", repoInfo.Name.Name(), tag)
+	fmt.Fprintf(streams.Out(), "Successfully signed %s:%s\n", repoInfo.Name.Name(), tag)
 	return nil
 }
 

components/cli/cli/command/image/trust_test.go

@@ -8,11 +8,11 @@ import (
 	"github.com/docker/cli/cli/trust"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/registry"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/passphrase"
-	"github.com/docker/notary/trustpinning"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/passphrase"
+	"github.com/theupdateframework/notary/trustpinning"
 )
 
 func unsetENV() {

components/cli/cli/command/service/trust.go

@@ -8,10 +8,10 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types/swarm"
 	"github.com/docker/docker/registry"
-	"github.com/docker/notary/tuf/data"
 	"github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary/tuf/data"
 	"golang.org/x/net/context"
 )
 

components/cli/cli/command/service/update.go

@@ -92,7 +92,7 @@ func newUpdateCommand(dockerCli command.Cli) *cobra.Command {
 	flags.SetAnnotation(flagDNSOptionAdd, "version", []string{"1.25"})
 	flags.Var(&options.dnsSearch, flagDNSSearchAdd, "Add or update a custom DNS search domain")
 	flags.SetAnnotation(flagDNSSearchAdd, "version", []string{"1.25"})
-	flags.Var(&options.hosts, flagHostAdd, "Add or update a custom host-to-IP mapping (host:ip)")
+	flags.Var(&options.hosts, flagHostAdd, "Add a custom host-to-IP mapping (host:ip)")
 	flags.SetAnnotation(flagHostAdd, "version", []string{"1.25"})
 
 	return cmd
@@ -868,6 +868,10 @@ func updateReplicas(flags *pflag.FlagSet, serviceMode *swarm.ServiceMode) error
 	return nil
 }
 
+// updateHosts performs a diff between existing host entries, entries to be
+// removed, and entries to be added. Host entries preserve the order in which they
+// were added, as the specification mentions that in case multiple entries for a
+// host exist, the first entry should be used (by default).
 func updateHosts(flags *pflag.FlagSet, hosts *[]string) error {
 	// Combine existing Hosts (in swarmkit format) with the host to add (convert to swarmkit format)
 	if flags.Changed(flagHostAdd) {
@@ -902,9 +906,6 @@ func updateHosts(flags *pflag.FlagSet, hosts *[]string) error {
 		}
 	}
 
-	// Sort so that result is predictable.
-	sort.Strings(newHosts)
-
 	*hosts = newHosts
 	return nil
 }

components/cli/cli/command/service/update_test.go

@@ -366,12 +366,23 @@ func TestUpdateHosts(t *testing.T) {
 	testutil.ErrorContains(t, flags.Set("host-add", "$example.com$"), `bad format for add-host: "$example.com$"`)
 
 	hosts := []string{"1.2.3.4 example.com", "4.3.2.1 example.org", "2001:db8:abc8::1 example.net"}
+	expected := []string{"1.2.3.4 example.com", "4.3.2.1 example.org", "2001:db8:abc8::1 ipv6.net"}
 
-	updateHosts(flags, &hosts)
-	require.Len(t, hosts, 3)
-	assert.Equal(t, "1.2.3.4 example.com", hosts[0])
-	assert.Equal(t, "2001:db8:abc8::1 ipv6.net", hosts[1])
-	assert.Equal(t, "4.3.2.1 example.org", hosts[2])
+	err := updateHosts(flags, &hosts)
+	assert.NoError(t, err)
+	assert.Equal(t, expected, hosts)
+}
+
+func TestUpdateHostsPreservesOrder(t *testing.T) {
+	flags := newUpdateCommand(nil).Flags()
+	flags.Set("host-add", "foobar:127.0.0.2")
+	flags.Set("host-add", "foobar:127.0.0.1")
+	flags.Set("host-add", "foobar:127.0.0.3")
+
+	hosts := []string{}
+	err := updateHosts(flags, &hosts)
+	assert.NoError(t, err)
+	assert.Equal(t, []string{"127.0.0.2 foobar", "127.0.0.1 foobar", "127.0.0.3 foobar"}, hosts)
 }
 
 func TestUpdatePortsRmWithProtocol(t *testing.T) {

components/cli/cli/command/trust/client_test.go

@@ -2,14 +2,14 @@ package trust
 
 import (
 	"github.com/docker/cli/cli/trust"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/client/changelist"
-	"github.com/docker/notary/cryptoservice"
-	"github.com/docker/notary/passphrase"
-	"github.com/docker/notary/storage"
-	"github.com/docker/notary/trustmanager"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/signed"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/client/changelist"
+	"github.com/theupdateframework/notary/cryptoservice"
+	"github.com/theupdateframework/notary/passphrase"
+	"github.com/theupdateframework/notary/storage"
+	"github.com/theupdateframework/notary/trustmanager"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/signed"
 )
 
 // Sample mock CLI interfaces

components/cli/cli/command/trust/helpers.go

@@ -4,8 +4,8 @@ import (
 	"strings"
 
 	"github.com/docker/cli/cli/trust"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/tuf/data"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 const releasedRoleName = "Repo Admin"

components/cli/cli/command/trust/helpers_test.go

@@ -5,9 +5,9 @@ import (
 	"os"
 	"testing"
 
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/passphrase"
-	"github.com/docker/notary/trustpinning"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/passphrase"
+	"github.com/theupdateframework/notary/trustpinning"
 
 	"github.com/stretchr/testify/assert"
 )

components/cli/cli/command/trust/key_generate.go

@@ -12,12 +12,12 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/trust"
-	"github.com/docker/notary"
-	"github.com/docker/notary/trustmanager"
-	"github.com/docker/notary/tuf/data"
-	tufutils "github.com/docker/notary/tuf/utils"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/trustmanager"
+	"github.com/theupdateframework/notary/tuf/data"
+	tufutils "github.com/theupdateframework/notary/tuf/utils"
 )
 
 type keyGenerateOptions struct {

components/cli/cli/command/trust/key_generate_test.go

@@ -11,11 +11,11 @@ import (
 	"github.com/docker/cli/cli/config"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/testutil"
-	"github.com/docker/notary"
-	"github.com/docker/notary/passphrase"
-	"github.com/docker/notary/trustmanager"
-	tufutils "github.com/docker/notary/tuf/utils"
 	"github.com/stretchr/testify/assert"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/passphrase"
+	"github.com/theupdateframework/notary/trustmanager"
+	tufutils "github.com/theupdateframework/notary/tuf/utils"
 )
 
 func TestTrustKeyGenerateErrors(t *testing.T) {

components/cli/cli/command/trust/key_load.go

@@ -10,12 +10,12 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/trust"
-	"github.com/docker/notary"
-	"github.com/docker/notary/storage"
-	"github.com/docker/notary/trustmanager"
-	tufutils "github.com/docker/notary/tuf/utils"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/storage"
+	"github.com/theupdateframework/notary/trustmanager"
+	tufutils "github.com/theupdateframework/notary/tuf/utils"
 )
 
 const (

components/cli/cli/command/trust/key_load_test.go

@@ -11,12 +11,12 @@ import (
 	"github.com/docker/cli/cli/config"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/testutil"
-	"github.com/docker/notary"
-	"github.com/docker/notary/passphrase"
-	"github.com/docker/notary/storage"
-	"github.com/docker/notary/trustmanager"
-	tufutils "github.com/docker/notary/tuf/utils"
 	"github.com/stretchr/testify/assert"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/passphrase"
+	"github.com/theupdateframework/notary/storage"
+	"github.com/theupdateframework/notary/trustmanager"
+	tufutils "github.com/theupdateframework/notary/tuf/utils"
 )
 
 func TestTrustKeyLoadErrors(t *testing.T) {

components/cli/cli/command/trust/revoke.go

@@ -9,10 +9,10 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/cli/cli/trust"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/tuf/data"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 type revokeOptions struct {

components/cli/cli/command/trust/revoke_test.go

@@ -7,11 +7,11 @@ import (
 
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/testutil"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/passphrase"
-	"github.com/docker/notary/trustpinning"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/passphrase"
+	"github.com/theupdateframework/notary/trustpinning"
 )
 
 func TestTrustRevokeCommandErrors(t *testing.T) {

components/cli/cli/command/trust/sign.go

@@ -12,10 +12,10 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/cli/cli/trust"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/tuf/data"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 func newSignCommand(dockerCli command.Cli) *cobra.Command {
@@ -99,9 +99,9 @@ func signAndPublishToTarget(out io.Writer, imgRefAndAuth trust.ImageRefAndAuth,
 		err = notaryRepo.Publish()
 	}
 	if err != nil {
-		return errors.Wrapf(err, "failed to sign %q:%s", imgRefAndAuth.RepoInfo().Name.Name(), tag)
+		return errors.Wrapf(err, "failed to sign %s:%s", imgRefAndAuth.RepoInfo().Name.Name(), tag)
 	}
-	fmt.Fprintf(out, "Successfully signed %q:%s\n", imgRefAndAuth.RepoInfo().Name.Name(), tag)
+	fmt.Fprintf(out, "Successfully signed %s:%s\n", imgRefAndAuth.RepoInfo().Name.Name(), tag)
 	return nil
 }
 

components/cli/cli/command/trust/sign_test.go

@@ -12,14 +12,14 @@ import (
 	"github.com/docker/cli/cli/trust"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/testutil"
-	"github.com/docker/notary"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/client/changelist"
-	"github.com/docker/notary/passphrase"
-	"github.com/docker/notary/trustpinning"
-	"github.com/docker/notary/tuf/data"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/client/changelist"
+	"github.com/theupdateframework/notary/passphrase"
+	"github.com/theupdateframework/notary/trustpinning"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 const passwd = "password"

components/cli/cli/command/trust/signer_add.go

@@ -15,11 +15,11 @@ import (
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/cli/cli/trust"
 	"github.com/docker/cli/opts"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/tuf/data"
-	tufutils "github.com/docker/notary/tuf/utils"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/tuf/data"
+	tufutils "github.com/theupdateframework/notary/tuf/utils"
 )
 
 type signerAddOptions struct {

components/cli/cli/command/trust/signer_add_test.go

@@ -10,8 +10,8 @@ import (
 	"github.com/docker/cli/cli/config"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/testutil"
-	"github.com/docker/notary"
 	"github.com/stretchr/testify/assert"
+	"github.com/theupdateframework/notary"
 )
 
 func TestTrustSignerAddErrors(t *testing.T) {

components/cli/cli/command/trust/signer_remove.go

@@ -10,10 +10,10 @@ import (
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/cli/cli/trust"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/tuf/data"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 type signerRemoveOptions struct {

components/cli/cli/command/trust/signer_remove_test.go

@@ -6,9 +6,9 @@ import (
 
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/testutil"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/tuf/data"
 	"github.com/stretchr/testify/assert"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 func TestTrustSignerRemoveErrors(t *testing.T) {

components/cli/cli/command/trust/view.go

@@ -13,11 +13,11 @@ import (
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/cli/cli/command/image"
 	"github.com/docker/cli/cli/trust"
-	"github.com/docker/notary"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/tuf/data"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 // trustTagKey represents a unique signed tag and hex-encoded hash pair

components/cli/cli/command/trust/view_test.go

@@ -9,11 +9,11 @@ import (
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/testutil"
 	dockerClient "github.com/docker/docker/client"
-	"github.com/docker/notary"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/tuf/data"
 	"github.com/gotestyourself/gotestyourself/golden"
 	"github.com/stretchr/testify/assert"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 type fakeClient struct {

components/cli/cli/compose/convert/service.go

@@ -133,7 +133,7 @@ func Service(
 				Command:         service.Entrypoint,
 				Args:            service.Command,
 				Hostname:        service.Hostname,
-				Hosts:           sortStrings(convertExtraHosts(service.ExtraHosts)),
+				Hosts:           convertExtraHosts(service.ExtraHosts),
 				DNSConfig:       dnsConfig,
 				Healthcheck:     healthcheck,
 				Env:             sortStrings(convertEnvironment(service.Environment)),
@@ -365,10 +365,15 @@ func uint32Ptr(value uint32) *uint32 {
 	return &value
 }
 
-func convertExtraHosts(extraHosts map[string]string) []string {
+// convertExtraHosts converts <host>:<ip> mappings to SwarmKit notation:
+// "IP-address hostname(s)". The original order of mappings is preserved.
+func convertExtraHosts(extraHosts composetypes.HostsList) []string {
 	hosts := []string{}
-	for host, ip := range extraHosts {
-		hosts = append(hosts, fmt.Sprintf("%s %s", ip, host))
+	for _, hostIP := range extraHosts {
+		if v := strings.SplitN(hostIP, ":", 2); len(v) == 2 {
+			// Convert to SwarmKit notation: IP-address hostname(s)
+			hosts = append(hosts, fmt.Sprintf("%s %s", v[1], v[0]))
+		}
 	}
 	return hosts
 }

components/cli/cli/compose/convert/service_test.go

@@ -57,6 +57,15 @@ func TestConvertEnvironment(t *testing.T) {
 	assert.Equal(t, []string{"foo=bar", "key=value"}, env)
 }
 
+func TestConvertExtraHosts(t *testing.T) {
+	source := composetypes.HostsList{
+		"zulu:127.0.0.2",
+		"alpha:127.0.0.1",
+		"zulu:ff02::1",
+	}
+	assert.Equal(t, []string{"127.0.0.2 zulu", "127.0.0.1 alpha", "ff02::1 zulu"}, convertExtraHosts(source))
+}
+
 func TestConvertResourcesFull(t *testing.T) {
 	source := composetypes.Resources{
 		Limits: &composetypes.Resource{

components/cli/cli/compose/loader/loader.go

@@ -244,6 +244,7 @@ func createTransformHook() mapstructure.DecodeHookFuncType {
 		reflect.TypeOf(types.MappingWithEquals{}):                transformMappingOrListFunc("=", true),
 		reflect.TypeOf(types.Labels{}):                           transformMappingOrListFunc("=", false),
 		reflect.TypeOf(types.MappingWithColon{}):                 transformMappingOrListFunc(":", false),
+		reflect.TypeOf(types.HostsList{}):                        transformListOrMappingFunc(":", false),
 		reflect.TypeOf(types.ServiceVolumeConfig{}):              transformServiceVolumeConfig,
 		reflect.TypeOf(types.BuildConfig{}):                      transformBuildConfig,
 	}
@@ -647,6 +648,22 @@ func transformMappingOrListFunc(sep string, allowNil bool) func(interface{}) (in
 	}
 }
 
+func transformListOrMappingFunc(sep string, allowNil bool) func(interface{}) (interface{}, error) {
+	return func(data interface{}) (interface{}, error) {
+		return transformListOrMapping(data, sep, allowNil), nil
+	}
+}
+
+func transformListOrMapping(listOrMapping interface{}, sep string, allowNil bool) interface{} {
+	switch value := listOrMapping.(type) {
+	case map[string]interface{}:
+		return toStringList(value, sep, allowNil)
+	case []interface{}:
+		return listOrMapping
+	}
+	panic(errors.Errorf("expected a map or a list, got %T: %#v", listOrMapping, listOrMapping))
+}
+
 func transformMappingOrList(mappingOrList interface{}, sep string, allowNil bool) interface{} {
 	switch value := mappingOrList.(type) {
 	case map[string]interface{}:
@@ -749,3 +766,15 @@ func toString(value interface{}, allowNil bool) interface{} {
 		return ""
 	}
 }
+
+func toStringList(value map[string]interface{}, separator string, allowNil bool) []string {
+	output := []string{}
+	for key, value := range value {
+		if value == nil && !allowNil {
+			continue
+		}
+		output = append(output, fmt.Sprintf("%s%s%s", key, separator, value))
+	}
+	sort.Strings(output)
+	return output
+}

components/cli/cli/compose/loader/loader_test.go

@@ -916,9 +916,9 @@ func TestFullExample(t *testing.T) {
 			"project_db_1:mysql",
 			"project_db_1:postgresql",
 		},
-		ExtraHosts: map[string]string{
-			"otherhost": "50.31.209.229",
-			"somehost":  "162.242.195.82",
+		ExtraHosts: []string{
+			"somehost:162.242.195.82",
+			"otherhost:50.31.209.229",
 		},
 		HealthCheck: &types.HealthCheckConfig{
 			Test:        types.HealthCheckTest([]string{"CMD-SHELL", "echo \"hello world\""}),
@@ -1362,3 +1362,47 @@ volumes:
 	assert.Len(t, config.Services[0].Volumes, 1)
 	assert.Equal(t, expected, config.Services[0].Volumes[0])
 }
+
+func TestLoadExtraHostsMap(t *testing.T) {
+	config, err := loadYAML(`
+version: "3.2"
+services:
+  web:
+    image: busybox
+    extra_hosts:
+      "zulu": "162.242.195.82"
+      "alpha": "50.31.209.229"
+`)
+	require.NoError(t, err)
+
+	expected := types.HostsList{
+		"alpha:50.31.209.229",
+		"zulu:162.242.195.82",
+	}
+
+	require.Len(t, config.Services, 1)
+	assert.Equal(t, expected, config.Services[0].ExtraHosts)
+}
+
+func TestLoadExtraHostsList(t *testing.T) {
+	config, err := loadYAML(`
+version: "3.2"
+services:
+  web:
+    image: busybox
+    extra_hosts:
+      - "zulu:162.242.195.82"
+      - "alpha:50.31.209.229"
+      - "zulu:ff02::1"
+`)
+	require.NoError(t, err)
+
+	expected := types.HostsList{
+		"zulu:162.242.195.82",
+		"alpha:50.31.209.229",
+		"zulu:ff02::1",
+	}
+
+	require.Len(t, config.Services, 1)
+	assert.Equal(t, expected, config.Services[0].ExtraHosts)
+}

components/cli/cli/compose/types/types.go

@@ -97,8 +97,8 @@ type ServiceConfig struct {
 	Environment     MappingWithEquals
 	EnvFile         StringList `mapstructure:"env_file"`
 	Expose          StringOrNumberList
-	ExternalLinks   []string         `mapstructure:"external_links"`
-	ExtraHosts      MappingWithColon `mapstructure:"extra_hosts"`
+	ExternalLinks   []string  `mapstructure:"external_links"`
+	ExtraHosts      HostsList `mapstructure:"extra_hosts"`
 	Hostname        string
 	HealthCheck     *HealthCheckConfig
 	Image           string
@@ -162,6 +162,9 @@ type Labels map[string]string
 // 'key: value' strings
 type MappingWithColon map[string]string
 
+// HostsList is a list of colon-separated host-ip mappings
+type HostsList []string
+
 // LoggingConfig the logging configuration for a service
 type LoggingConfig struct {
 	Driver  string

components/cli/cli/trust/trust.go

@@ -20,17 +20,17 @@ import (
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/registry"
 	"github.com/docker/go-connections/tlsconfig"
-	"github.com/docker/notary"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/passphrase"
-	"github.com/docker/notary/storage"
-	"github.com/docker/notary/trustmanager"
-	"github.com/docker/notary/trustpinning"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/signed"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/passphrase"
+	"github.com/theupdateframework/notary/storage"
+	"github.com/theupdateframework/notary/trustmanager"
+	"github.com/theupdateframework/notary/trustpinning"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/signed"
 	"golang.org/x/net/context"
 )
 

components/cli/cli/trust/trust_test.go

@@ -6,12 +6,12 @@ import (
 	"testing"
 
 	"github.com/docker/distribution/reference"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/passphrase"
-	"github.com/docker/notary/trustpinning"
 	digest "github.com/opencontainers/go-digest"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/passphrase"
+	"github.com/theupdateframework/notary/trustpinning"
 )
 
 func TestGetTag(t *testing.T) {

components/cli/docs/reference/commandline/service_update.md

@@ -49,7 +49,7 @@ Options:
       --health-start-period duration       Start period for the container to initialize before counting retries towards unstable (ms|s|m|h)
       --health-timeout duration            Maximum time to allow one check to run (ms|s|m|h)
       --help                               Print usage
-      --host-add list                      Add or update a custom host-to-IP mapping (host:ip)
+      --host-add list                      Add a custom host-to-IP mapping (host:ip)
       --host-rm list                       Remove a custom host-to-IP mapping (host:ip)
       --hostname string                    Container hostname
       --image string                       Service image tag

components/cli/docs/reference/commandline/trust_sign.md

@@ -60,7 +60,7 @@ a3fbb648f0bd: Layer already exists
 v2: digest: sha256:8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 size: 1787
 Signing and pushing trust metadata
 Enter passphrase for repository key with ID 36d4c36:
-Successfully signed "docker.io/example/trust-demo":v2
+Successfully signed docker.io/example/trust-demo:v2
 ```
 
 `docker trust view` lists the new signature:
@@ -111,7 +111,7 @@ e5d2f035d7a4: Layer already exists
 v1: digest: sha256:74d4bfa917d55d53c7df3d2ab20a8d926874d61c3da5ef6de15dd2654fc467c4 size: 1357
 Signing and pushing trust metadata
 Enter passphrase for delegation key with ID 27d42a8:
-Successfully signed "docker.io/example/trust-demo":v1
+Successfully signed docker.io/example/trust-demo:v1
 ```
 
 `docker trust view` lists the new signature:
@@ -162,7 +162,7 @@ a3fbb648f0bd: Layer already exists
 v1: digest: sha256:8f6f460abf0436922df7eb06d28b3cdf733d2cac1a185456c26debbff0839c56 size: 1787
 Signing and pushing trust metadata
 Enter passphrase for alice key with ID 6d52b29:
-Successfully signed "docker.io/example/trust-demo":v1
+Successfully signed docker.io/example/trust-demo:v1
 ```
 
 ```bash

components/cli/internal/test/cli.go

@@ -11,7 +11,7 @@ import (
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/cli/trust"
 	"github.com/docker/docker/client"
-	notaryclient "github.com/docker/notary/client"
+	notaryclient "github.com/theupdateframework/notary/client"
 )
 
 type notaryClientFuncType func(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (notaryclient.Repository, error)

components/cli/vendor.conf

@@ -14,7 +14,6 @@ github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06
 github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d
 github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
 github.com/docker/go-units 9e638d38cf6977a37a8ea0078f3ee75a7cdb2dd1
-github.com/docker/notary 5d55a30c1bec010a8c6df4c09889acfb4e0a7942
 github.com/docker/swarmkit 872861d2ae46958af7ead1d5fffb092c73afbaf0
 github.com/flynn-archive/go-shlex 3f9db97f856818214da2e1057f8ad84803971cff
 github.com/gogo/protobuf v0.4
@@ -40,6 +39,7 @@ github.com/sirupsen/logrus v1.0.3
 github.com/spf13/cobra 7b2c5ac9fc04fc5efafb60700713d4fa609b777b
 github.com/spf13/pflag 97afa5e7ca8a08a383cb259e06636b5e2cc7897f
 github.com/stretchr/testify 4d4bfba8f1d1027c4fdbe371823030df51419987
+github.com/theupdateframework/notary 05985dc5d1c71ee6c387e9cd276a00b9d424af53
 github.com/tonistiigi/fsutil dea3a0da73aee887fc02142d995be764106ac5e2
 github.com/xeipuuv/gojsonpointer e0fe6f68307607d540ed8eac07a342c33fa1b54a
 github.com/xeipuuv/gojsonreference e02fc20de94c78484cd5ffb007f8af96be030a45

components/cli/vendor/github.com/theupdateframework/notary/README.md

@@ -1,11 +1,22 @@
-# Notary
-[![Circle CI](https://circleci.com/gh/docker/notary/tree/master.svg?style=shield)](https://circleci.com/gh/docker/notary/tree/master) [![CodeCov](https://codecov.io/github/docker/notary/coverage.svg?branch=master)](https://codecov.io/github/docker/notary) [![GoReportCard](https://goreportcard.com/badge/docker/notary)](https://goreportcard.com/report/github.com/docker/notary)
+<img src="docs/images/notary-blk.svg" alt="Notary" width="400px"/>
+
+[![Circle CI](https://circleci.com/gh/theupdateframework/notary/tree/master.svg?style=shield)](https://circleci.com/gh/theupdateframework/notary/tree/master) [![CodeCov](https://codecov.io/github/theupdateframework/notary/coverage.svg?branch=master)](https://codecov.io/github/theupdateframework/notary) [![GoReportCard](https://goreportcard.com/badge/theupdateframework/notary)](https://goreportcard.com/report/github.com/theupdateframework/notary)
+
+# Notice
+
+The Notary project has officially been accepted in to the Cloud Native Computing Foundation (CNCF).
+It has moved to https://github.com/theupdateframework/notary. Any downstream consumers should update
+their Go imports to use this new location, which will be the canonical location going forward.
+
+We have moved the repo in GitHub, which will allow existing importers to continue using the old
+location via GitHub's redirect.
+
+# Overview
 
 The Notary project comprises a [server](cmd/notary-server) and a [client](cmd/notary) for running and interacting
 with trusted collections.  Please see the [service architecture](docs/service_architecture.md) documentation
 for more information.
 
-
 Notary aims to make the internet more secure by making it easy for people to
 publish and verify content. We often rely on TLS to secure our communications
 with a web server which is inherently flawed, as any compromise of the server
@@ -41,7 +52,7 @@ Any security vulnerabilities can be reported to security@docker.com.
 
 # Getting started with the Notary CLI
 
-Please get the Notary Client CLI binary from [the official releases page](https://github.com/docker/notary/releases) or you can [build one yourself](#building-notary).
+Please get the Notary Client CLI binary from [the official releases page](https://github.com/theupdateframework/notary/releases) or you can [build one yourself](#building-notary).
 The version of Notary server and signer should be greater than or equal to Notary CLI's version to ensure feature compatibility (ex: CLI version 0.2, server/signer version >= 0.2), and all official releases are associated with GitHub tags.
 
 To use the Notary CLI with Docker hub images, please have a look at our
@@ -53,7 +64,7 @@ For more advanced usage, please see the
 To use the CLI against a local Notary server rather than against Docker Hub:
 
 1. Please ensure that you have [docker and docker-compose](http://docs.docker.com/compose/install/) installed.
-1. `git clone https://github.com/docker/notary.git` and from the cloned repository path,
+1. `git clone https://github.com/theupdateframework/notary.git` and from the cloned repository path,
     start up a local Notary server and signer and copy the config file and testing certs to your
     local notary config directory:
 
@@ -78,8 +89,8 @@ to use `notary` with Docker images.
 
 ## Building Notary
 
-Note that our [latest stable release](https://github.com/docker/notary/releases) is at the head of the
-[releases branch](https://github.com/docker/notary/tree/releases).  The master branch is the development
+Note that our [latest stable release](https://github.com/theupdateframework/notary/releases) is at the head of the
+[releases branch](https://github.com/theupdateframework/notary/tree/releases).  The master branch is the development
 branch and contains features for the next release.
 
 Prerequisites:
@@ -102,4 +113,4 @@ $GOPATH/
                 notary/
 ```
 
-To build the server and signer, please run `docker-compose build`.
+To build the server and signer, please run `docker-compose build`.

components/cli/vendor/github.com/theupdateframework/notary/client/changelist/change.go

@@ -1,7 +1,7 @@
 package changelist
 
 import (
-	"github.com/docker/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 // Scopes for TUFChanges are simply the TUF roles.

components/cli/vendor/github.com/theupdateframework/notary/client/changelist/interface.go

@@ -1,6 +1,6 @@
 package changelist
 
-import "github.com/docker/notary/tuf/data"
+import "github.com/theupdateframework/notary/tuf/data"
 
 // Changelist is the interface for all TUF change lists
 type Changelist interface {

components/cli/vendor/github.com/theupdateframework/notary/client/client.go

@@ -17,9 +17,9 @@ Use this package by creating a new repository object and calling methods on it.
 		"github.com/docker/distribution/registry/client/auth"
 		"github.com/docker/distribution/registry/client/auth/challenge"
 		"github.com/docker/distribution/registry/client/transport"
-		notary "github.com/docker/notary/client"
-		"github.com/docker/notary/trustpinning"
-		"github.com/docker/notary/tuf/data"
+		notary "github.com/theupdateframework/notary/client"
+		"github.com/theupdateframework/notary/trustpinning"
+		"github.com/theupdateframework/notary/tuf/data"
 	)
 
 	func main() {
@@ -98,16 +98,16 @@ import (
 	"time"
 
 	canonicaljson "github.com/docker/go/canonical/json"
-	"github.com/docker/notary"
-	"github.com/docker/notary/client/changelist"
-	"github.com/docker/notary/cryptoservice"
-	store "github.com/docker/notary/storage"
-	"github.com/docker/notary/trustpinning"
-	"github.com/docker/notary/tuf"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/signed"
-	"github.com/docker/notary/tuf/utils"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/client/changelist"
+	"github.com/theupdateframework/notary/cryptoservice"
+	store "github.com/theupdateframework/notary/storage"
+	"github.com/theupdateframework/notary/trustpinning"
+	"github.com/theupdateframework/notary/tuf"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/signed"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 const (

components/cli/vendor/github.com/theupdateframework/notary/client/delegations.go

@@ -4,12 +4,12 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/docker/notary"
-	"github.com/docker/notary/client/changelist"
-	store "github.com/docker/notary/storage"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/utils"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/client/changelist"
+	store "github.com/theupdateframework/notary/storage"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 // AddDelegation creates changelist entries to add provided delegation public keys and paths.

components/cli/vendor/github.com/theupdateframework/notary/client/errors.go

@@ -3,7 +3,7 @@ package client
 import (
 	"fmt"
 
-	"github.com/docker/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 // ErrRepoNotInitialized is returned when trying to publish an uninitialized

components/cli/vendor/github.com/theupdateframework/notary/client/helpers.go

@@ -6,13 +6,13 @@ import (
 	"net/http"
 	"time"
 
-	"github.com/docker/notary/client/changelist"
-	store "github.com/docker/notary/storage"
-	"github.com/docker/notary/tuf"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/signed"
-	"github.com/docker/notary/tuf/utils"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary/client/changelist"
+	store "github.com/theupdateframework/notary/storage"
+	"github.com/theupdateframework/notary/tuf"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/signed"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 // Use this to initialize remote HTTPStores from the config settings

components/cli/vendor/github.com/theupdateframework/notary/client/interface.go

@@ -1,9 +1,9 @@
 package client
 
 import (
-	"github.com/docker/notary/client/changelist"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/signed"
+	"github.com/theupdateframework/notary/client/changelist"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/signed"
 )
 
 // Repository represents the set of options that must be supported over a TUF repo.

components/cli/vendor/github.com/theupdateframework/notary/client/repo.go

@@ -5,8 +5,8 @@ package client
 import (
 	"fmt"
 
-	"github.com/docker/notary"
-	"github.com/docker/notary/trustmanager"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/trustmanager"
 )
 
 func getKeyStores(baseDir string, retriever notary.PassRetriever) ([]trustmanager.KeyStore, error) {

components/cli/vendor/github.com/theupdateframework/notary/client/repo_pkcs11.go

@@ -5,9 +5,9 @@ package client
 import (
 	"fmt"
 
-	"github.com/docker/notary"
-	"github.com/docker/notary/trustmanager"
-	"github.com/docker/notary/trustmanager/yubikey"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/trustmanager"
+	"github.com/theupdateframework/notary/trustmanager/yubikey"
 )
 
 func getKeyStores(baseDir string, retriever notary.PassRetriever) ([]trustmanager.KeyStore, error) {

components/cli/vendor/github.com/theupdateframework/notary/client/tufclient.go

@@ -4,13 +4,13 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/docker/notary"
-	store "github.com/docker/notary/storage"
-	"github.com/docker/notary/trustpinning"
-	"github.com/docker/notary/tuf"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/signed"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
+	store "github.com/theupdateframework/notary/storage"
+	"github.com/theupdateframework/notary/trustpinning"
+	"github.com/theupdateframework/notary/tuf"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/signed"
 )
 
 // tufClient is a usability wrapper around a raw TUF repo

components/cli/vendor/github.com/theupdateframework/notary/client/witness.go

@@ -1,9 +1,9 @@
 package client
 
 import (
-	"github.com/docker/notary/client/changelist"
-	"github.com/docker/notary/tuf"
-	"github.com/docker/notary/tuf/data"
+	"github.com/theupdateframework/notary/client/changelist"
+	"github.com/theupdateframework/notary/tuf"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 // Witness creates change objects to witness (i.e. re-sign) the given

components/cli/vendor/github.com/theupdateframework/notary/cryptoservice/certificate.go

@@ -7,8 +7,8 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/utils"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 // GenerateCertificate generates an X509 Certificate from a template, given a GUN and validity interval

components/cli/vendor/github.com/theupdateframework/notary/cryptoservice/crypto_service.go

@@ -6,11 +6,11 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/docker/notary"
-	"github.com/docker/notary/trustmanager"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/utils"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/trustmanager"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 var (

components/cli/vendor/github.com/theupdateframework/notary/passphrase/passphrase.go

@@ -11,7 +11,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/docker/notary"
+	"github.com/theupdateframework/notary"
 	"golang.org/x/crypto/ssh/terminal"
 )
 

components/cli/vendor/github.com/theupdateframework/notary/storage/filestore.go

@@ -10,8 +10,8 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/docker/notary"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
 )
 
 // NewFileStore creates a fully configurable file store

components/cli/vendor/github.com/theupdateframework/notary/storage/httpstore.go

@@ -3,7 +3,7 @@
 // - Response bodies for error codes should be unmarshallable as:
 //   {"errors": [{..., "detail": <serialized validation error>}]}
 //   else validation error details, etc. will be unparsable.  The errors
-//   should have a github.com/docker/notary/tuf/validation/SerializableError
+//   should have a github.com/theupdateframework/notary/tuf/validation/SerializableError
 //   in the Details field.
 //   If writing your own server, please have a look at
 //   github.com/docker/distribution/registry/api/errcode
@@ -22,10 +22,10 @@ import (
 	"net/url"
 	"path"
 
-	"github.com/docker/notary"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/validation"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/validation"
 )
 
 const (

components/cli/vendor/github.com/theupdateframework/notary/storage/interfaces.go

@@ -1,7 +1,7 @@
 package storage
 
 import (
-	"github.com/docker/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 // NoSizeLimit is represented as -1 for arguments to GetMeta

components/cli/vendor/github.com/theupdateframework/notary/storage/memorystore.go

@@ -5,9 +5,9 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/docker/notary"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/utils"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 // NewMemoryStore returns a MetadataStore that operates entirely in memory.

components/cli/vendor/github.com/theupdateframework/notary/storage/offlinestore.go

@@ -1,7 +1,7 @@
 package storage
 
 import (
-	"github.com/docker/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 // ErrOffline is used to indicate we are operating offline

components/cli/vendor/github.com/theupdateframework/notary/trustmanager/interfaces.go

@@ -1,7 +1,7 @@
 package trustmanager
 
 import (
-	"github.com/docker/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 // Storage implements the bare bones primitives (no hierarchy)

components/cli/vendor/github.com/theupdateframework/notary/trustmanager/keys.go

@@ -9,10 +9,10 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/docker/notary"
-	tufdata "github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/utils"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
+	tufdata "github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 // Exporter is a simple interface for the two functions we need from the Storage interface

components/cli/vendor/github.com/theupdateframework/notary/trustmanager/keystore.go

@@ -6,11 +6,11 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/docker/notary"
-	store "github.com/docker/notary/storage"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/utils"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
+	store "github.com/theupdateframework/notary/storage"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 type keyInfoMap map[string]KeyInfo

components/cli/vendor/github.com/theupdateframework/notary/trustmanager/yubikey/import.go

@@ -6,10 +6,10 @@ import (
 	"encoding/pem"
 	"errors"
 
-	"github.com/docker/notary"
-	"github.com/docker/notary/trustmanager"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/utils"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/trustmanager"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 // YubiImport is a wrapper around the YubiStore that allows us to import private

components/cli/vendor/github.com/theupdateframework/notary/trustmanager/yubikey/yubikeystore.go

@@ -16,13 +16,13 @@ import (
 	"os"
 	"time"
 
-	"github.com/docker/notary"
-	"github.com/docker/notary/trustmanager"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/signed"
-	"github.com/docker/notary/tuf/utils"
 	"github.com/miekg/pkcs11"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/trustmanager"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/signed"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 const (

components/cli/vendor/github.com/theupdateframework/notary/trustpinning/certs.go

@@ -6,10 +6,10 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/signed"
-	"github.com/docker/notary/tuf/utils"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/signed"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 const wildcard = "*"

components/cli/vendor/github.com/theupdateframework/notary/trustpinning/trustpin.go

@@ -5,9 +5,9 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/utils"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 // TrustPinConfig represents the configuration under the trust_pinning section of the config file

components/cli/vendor/github.com/theupdateframework/notary/tuf/builder.go

@@ -4,12 +4,12 @@ import (
 	"fmt"
 
 	"github.com/docker/go/canonical/json"
-	"github.com/docker/notary"
+	"github.com/theupdateframework/notary"
 
-	"github.com/docker/notary/trustpinning"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/signed"
-	"github.com/docker/notary/tuf/utils"
+	"github.com/theupdateframework/notary/trustpinning"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/signed"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 // ErrBuildDone is returned when any functions are called on RepoBuilder, and it

components/cli/vendor/github.com/theupdateframework/notary/tuf/data/snapshot.go

@@ -5,8 +5,8 @@ import (
 	"fmt"
 
 	"github.com/docker/go/canonical/json"
-	"github.com/docker/notary"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
 )
 
 // SignedSnapshot is a fully unpacked snapshot.json

components/cli/vendor/github.com/theupdateframework/notary/tuf/data/timestamp.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 
 	"github.com/docker/go/canonical/json"
-	"github.com/docker/notary"
+	"github.com/theupdateframework/notary"
 )
 
 // SignedTimestamp is a fully unpacked timestamp.json

components/cli/vendor/github.com/theupdateframework/notary/tuf/data/types.go

@@ -15,8 +15,8 @@ import (
 	"time"
 
 	"github.com/docker/go/canonical/json"
-	"github.com/docker/notary"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
 )
 
 // GUN is a Globally Unique Name. It is used to identify trust collections.

components/cli/vendor/github.com/theupdateframework/notary/tuf/signed/ed25519.go

@@ -4,9 +4,9 @@ import (
 	"crypto/rand"
 	"errors"
 
-	"github.com/docker/notary/trustmanager"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/utils"
+	"github.com/theupdateframework/notary/trustmanager"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 type edCryptoKey struct {

components/cli/vendor/github.com/theupdateframework/notary/tuf/signed/errors.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/docker/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 // ErrInsufficientSignatures - can not create enough signatures on a piece of

components/cli/vendor/github.com/theupdateframework/notary/tuf/signed/interface.go

@@ -1,6 +1,6 @@
 package signed
 
-import "github.com/docker/notary/tuf/data"
+import "github.com/theupdateframework/notary/tuf/data"
 
 // KeyService provides management of keys locally. It will never
 // accept or provide private keys. Communication between the KeyService

components/cli/vendor/github.com/theupdateframework/notary/tuf/signed/sign.go

@@ -14,10 +14,10 @@ package signed
 import (
 	"crypto/rand"
 
-	"github.com/docker/notary/trustmanager"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/utils"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary/trustmanager"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 // Sign takes a data.Signed and a cryptoservice containing private keys,

components/cli/vendor/github.com/theupdateframework/notary/tuf/signed/verifiers.go

@@ -11,8 +11,8 @@ import (
 	"math/big"
 
 	"github.com/agl/ed25519"
-	"github.com/docker/notary/tuf/data"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 const (

components/cli/vendor/github.com/theupdateframework/notary/tuf/signed/verify.go

@@ -7,9 +7,9 @@ import (
 	"time"
 
 	"github.com/docker/go/canonical/json"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/utils"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 // Various basic signing errors

components/cli/vendor/github.com/theupdateframework/notary/tuf/tuf.go

@@ -8,11 +8,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/docker/notary"
-	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/signed"
-	"github.com/docker/notary/tuf/utils"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/signed"
+	"github.com/theupdateframework/notary/tuf/utils"
 )
 
 // ErrSigVerifyFail - signature verification failed

components/cli/vendor/github.com/theupdateframework/notary/tuf/utils/pkcs8.go

@@ -48,7 +48,7 @@ import (
 
 	"golang.org/x/crypto/pbkdf2"
 
-	"github.com/docker/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 // Copy from crypto/x509

components/cli/vendor/github.com/theupdateframework/notary/tuf/utils/utils.go

@@ -7,7 +7,7 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/docker/notary/tuf/data"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 // StrSliceContains checks if the given string appears in the slice

components/cli/vendor/github.com/theupdateframework/notary/tuf/utils/x509.go

@@ -17,9 +17,9 @@ import (
 	"time"
 
 	"github.com/agl/ed25519"
-	"github.com/docker/notary"
-	"github.com/docker/notary/tuf/data"
 	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary"
+	"github.com/theupdateframework/notary/tuf/data"
 )
 
 // CanonicalKeyID returns the ID of the public bytes version of a TUF key.