Merge pull request #321 from seemethere/bump_version_17_11_0

[17.11] bump version to 17.11.0-ce

.gitignore

@@ -0,0 +1 @@
+.helpers/

CHANGELOG.md

@@ -5,4 +5,75 @@ information on the list of deprecated flags and APIs please have a look at
 https://docs.docker.com/engine/deprecated/ where target removal dates can also
 be found.
 
-## 17.09.0-ce (2017-09-DD)
+## 17.11.0-ce (2017-11-20)
+
+IMPORTANT: Docker CE 17.11 is the first Docker release based on
+[containerd 1.0 beta](https://github.com/containerd/containerd/releases/tag/v1.0.0-beta.2).
+Docker CE 17.11 and later won't recognize containers started with
+previous Docker versions. If using
+[Live Restore](https://docs.docker.com/engine/admin/live-restore/#enable-the-live-restore-option),
+you must stop all containers before upgrading to Docker CE 17.11.
+If you don't, any containers started by Docker versions that predate
+17.11 won't be recognized by Docker after the upgrade and will keep
+running, un-managed, on the system.
+
+### Builder
+
+* Test & Fix build with rm/force-rm matrix [moby/moby#35139](https://github.com/moby/moby/pull/35139)
+- Fix build with `--stream` with a large context [moby/moby#35404](https://github.com/moby/moby/pull/35404)
+
+### Client
+
+* Hide help flag from help output [docker/cli#645](https://github.com/docker/cli/pull/645)
+* Support parsing of named pipes for compose volumes [docker/cli#560](https://github.com/docker/cli/pull/560)
+* [Compose] Cast values to expected type after interpolating values [docker/cli#601](https://github.com/docker/cli/pull/601)
++ Add output for "secrets" and "configs" on `docker stack deploy` [docker/cli#593](https://github.com/docker/cli/pull/593)
+- Fix flag description for `--host-add` [docker/cli#648](https://github.com/docker/cli/pull/648)
+* Do not truncate ID on docker service ps --quiet [docker/cli#579](https://github.com/docker/cli/pull/579)
+
+### Deprecation
+
+* Update bash completion and deprecation for synchronous service updates [docker/cli#610](https://github.com/docker/cli/pull/610)
+
+### Logging
+
+* copy to log driver's bufsize, fixes #34887 [moby/moby#34888](https://github.com/moby/moby/pull/34888)
++ Add TCP support for GELF log driver [moby/moby#34758](https://github.com/moby/moby/pull/34758)
++ Add credentials endpoint option for awslogs driver [moby/moby#35055](https://github.com/moby/moby/pull/35055)
+
+### Networking
+
+- Fix network name masking network ID on delete [moby/moby#34509](https://github.com/moby/moby/pull/34509)
+- Fix returned error code for network creation from 500 to 409 [moby/moby#35030](https://github.com/moby/moby/pull/35030)
+- Fix tasks fail with error "Unable to complete atomic operation, key modified" [docker/libnetwork#2004](https://github.com/docker/libnetwork/pull/2004)
+
+### Runtime
+
+* Switch to Containerd 1.0 client [moby/moby#34895](https://github.com/moby/moby/pull/34895)
+* Increase container default shutdown timeout on Windows [moby/moby#35184](https://github.com/moby/moby/pull/35184)
+* LCOW: API: Add `platform` to /images/create and /build [moby/moby#34642](https://github.com/moby/moby/pull/34642)
+* Stop filtering Windows manifest lists by version [moby/moby#35117](https://github.com/moby/moby/pull/35117)
+* Use windows console mode constants from Azure/go-ansiterm [moby/moby#35056](https://github.com/moby/moby/pull/35056)
+* Windows Daemon should respect DOCKER_TMPDIR [moby/moby#35077](https://github.com/moby/moby/pull/35077)
+* Windows: Fix startup logging [moby/moby#35253](https://github.com/moby/moby/pull/35253)
++ Add support for Windows version filtering on pull [moby/moby#35090](https://github.com/moby/moby/pull/35090)
+- Fixes LCOW after containerd 1.0 introduced regressions [moby/moby#35320](https://github.com/moby/moby/pull/35320)
+* ContainerWait on remove: don't stuck on rm fail [moby/moby#34999](https://github.com/moby/moby/pull/34999)
+* oci: obey CL_UNPRIVILEGED for user namespaced daemon [moby/moby#35205](https://github.com/moby/moby/pull/35205)
+* Don't abort when setting may_detach_mounts [moby/moby#35172](https://github.com/moby/moby/pull/35172)
+- Fix panic on get container pid when live restore containers [moby/moby#35157](https://github.com/moby/moby/pull/35157)
+- Mask `/proc/scsi` path for containers to prevent removal of devices (CVE-2017-16539) [moby/moby#35399](https://github.com/moby/moby/pull/35399)
+* Update to github.com/vbatts/tar-split@v0.10.2 (CVE-2017-14992) [moby/moby#35424](https://github.com/moby/moby/pull/35424)
+- Container: protect health monitor channel [moby/moby#35482](https://github.com/moby/moby/pull/35482)
+- Libcontainerd: fix leaking container/exec state [moby/moby#35484](https://github.com/moby/moby/pull/35484)
+
+### Swarm Mode
+
+* Modifying integration test due to new ipam options in swarmkit [moby/moby#35103](https://github.com/moby/moby/pull/35103)
+- Fix deadlock on getting swarm info [moby/moby#35388](https://github.com/moby/moby/pull/35388)
++ Expand the scope of the `Err` field in `TaskStatus` to also cover non-terminal errors that block the task from progressing [docker/swarmkit#2287](https://github.com/docker/swarmkit/pull/2287)
+
+### Packaging
+
++ Build packages for Debian 10 (Buster) [docker/docker-ce-packaging#50](https://github.com/docker/docker-ce-packaging/pull/50)
++ Build packages for Ubuntu 17.10 (Artful) [docker/docker-ce-packaging#55](https://github.com/docker/docker-ce-packaging/pull/55)

Makefile

@@ -1,27 +1,56 @@
 CLI_DIR:=$(CURDIR)/components/cli
 ENGINE_DIR:=$(CURDIR)/components/engine
 PACKAGING_DIR:=$(CURDIR)/components/packaging
+MOBY_COMPONENTS_SHA=ab7c118272b02d8672dc0255561d0c4015979780
+MOBY_COMPONENTS_URL=https://raw.githubusercontent.com/shykes/moby-extras/$(MOBY_COMPONENTS_SHA)/cmd/moby-components
+MOBY_COMPONENTS=.helpers/moby-components-$(MOBY_COMPONENTS_SHA)
 VERSION=$(shell cat VERSION)
 
+.PHONY: help
 help: ## show make targets
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf " \033[36m%-20s\033[0m  %s\n", $$1, $$2}' $(MAKEFILE_LIST)
 
+.PHONY: test-integration-cli
 test-integration-cli: $(CLI_DIR)/build/docker ## test integration of cli and engine
 	$(MAKE) -C $(ENGINE_DIR) DOCKER_CLI_PATH=$< test-integration-cli
 
 $(CLI_DIR)/build/docker:
 	$(MAKE) -C $(CLI_DIR) -f docker.Makefile build
 
+.PHONY: deb
 deb: ## build deb packages
 	$(MAKE) VERSION=$(VERSION) CLI_DIR=$(CLI_DIR) ENGINE_DIR=$(ENGINE_DIR) -C $(PACKAGING_DIR) deb
 
+.PHONY: rpm
 rpm: ## build rpm packages
 	$(MAKE) VERSION=$(VERSION) CLI_DIR=$(CLI_DIR) ENGINE_DIR=$(ENGINE_DIR) -C $(PACKAGING_DIR) rpm
 
+.PHONY: static
 static: ## build static packages
 	$(MAKE) VERSION=$(VERSION) CLI_DIR=$(CLI_DIR) ENGINE_DIR=$(ENGINE_DIR) -C $(PACKAGING_DIR) static
 
+.PHONY: clean
 clean: ## clean the build artifacts
 	-$(MAKE) -C $(CLI_DIR) clean
 	-$(MAKE) -C $(ENGINE_DIR) clean
 	-$(MAKE) -C $(PACKAGING_DIR) clean
+
+$(MOBY_COMPONENTS):
+	mkdir -p .helpers
+	curl -fsSL $(MOBY_COMPONENTS_URL) > $(MOBY_COMPONENTS)
+	chmod +x $(MOBY_COMPONENTS)
+
+.PHONY: update-components
+update-components: update-components-cli update-components-engine update-components-packaging ## udpate components using moby extra tool
+
+.PHONY: update-components-cli
+update-components-cli: $(MOBY_COMPONENTS)
+	$(MOBY_COMPONENTS) update cli
+
+.PHONY: update-components-engine
+update-components-engine: $(MOBY_COMPONENTS)
+	$(MOBY_COMPONENTS) update engine
+
+.PHONY: update-components-packaging
+update-components-packaging: $(MOBY_COMPONENTS)
+	$(MOBY_COMPONENTS) update packaging

VERSION

@@ -1 +1 @@
-17.09.0-dev
+17.11.0-ce

components/cli/.github/CODEOWNERS

@@ -1,4 +1,4 @@
-# Github code owners
+# GitHub code owners
 # See https://github.com/blog/2392-introducing-code-owners
 
 cli/command/stack/**        @dnephin @vdemeester

components/cli/MAINTAINERS

@@ -27,6 +27,7 @@
 
 		people = [
 			"aaronlehmann",
+			"albers",
 			"aluzzardi",
 			"anusha",
 			"cpuguy83",
@@ -84,6 +85,11 @@
 	Email = "aaron.lehmann@docker.com"
 	GitHub = "aaronlehmann"
 
+	[people.albers]
+	Name = "Harald Albers"
+	Email = "github@albersweb.de"
+	GitHub = "albers"
+
 	[people.aluzzardi]
 	Name = "Andrea Luzzardi"
 	Email = "al@docker.com"
@@ -97,7 +103,7 @@
 	[people.cpuguy83]
 	Name = "Brian Goff"
 	Email = "cpuguy83@gmail.com"
-	Github = "cpuguy83"
+	GitHub = "cpuguy83"
 
 	[people.crosbymichael]
 	Name = "Michael Crosby"

components/cli/Makefile

@@ -34,6 +34,14 @@ binary: ## build executable for Linux
 cross: ## build executable for macOS and Windows
 	./scripts/build/cross
 
+.PHONY: binary-windows
+binary-windows: ## build executable for Windows
+	./scripts/build/windows
+
+.PHONY: binary-osx
+binary-osx: ## build executable for macOS
+	./scripts/build/osx
+
 .PHONY: dynbinary
 dynbinary: ## build dynamically linked binary
 	./scripts/build/dynbinary

components/cli/README.md

@@ -1,4 +1,4 @@
-[![build status](https://circleci.com/gh/docker/cli.svg?style=shield)](https://circleci.com/gh/docker/cli/tree/master)
+[![build status](https://circleci.com/gh/docker/cli.svg?style=shield)](https://circleci.com/gh/docker/cli/tree/master) [![Build Status](https://jenkins.dockerproject.org/job/docker/job/cli/job/master/badge/icon)](https://jenkins.dockerproject.org/job/docker/job/cli/job/master/)
 
 docker/cli
 ==========

components/cli/VERSION

@@ -1 +1 @@
-17.08.0-dev
+17.11.0-ce

components/cli/cli/cobra.go

@@ -17,6 +17,7 @@ func SetupRootCommand(rootCmd *cobra.Command) {
 	cobra.AddTemplateFunc("operationSubCommands", operationSubCommands)
 	cobra.AddTemplateFunc("managementSubCommands", managementSubCommands)
 	cobra.AddTemplateFunc("wrappedFlagUsages", wrappedFlagUsages)
+	cobra.AddTemplateFunc("useLine", UseLine)
 
 	rootCmd.SetUsageTemplate(usageTemplate)
 	rootCmd.SetHelpTemplate(helpTemplate)
@@ -25,6 +26,7 @@ func SetupRootCommand(rootCmd *cobra.Command) {
 
 	rootCmd.PersistentFlags().BoolP("help", "h", false, "Print usage")
 	rootCmd.PersistentFlags().MarkShorthandDeprecated("help", "please use --help")
+	rootCmd.PersistentFlags().Lookup("help").Hidden = true
 }
 
 // FlagErrorFunc prints an error message which matches the format of the
@@ -97,9 +99,19 @@ func managementSubCommands(cmd *cobra.Command) []*cobra.Command {
 	return cmds
 }
 
+// UseLine returns the usage line for a command. This implementation is different
+// from the default Command.UseLine in that it does not add a `[flags]` to the
+// end of the line.
+func UseLine(cmd *cobra.Command) string {
+	if cmd.HasParent() {
+		return cmd.Parent().CommandPath() + " " + cmd.Use
+	}
+	return cmd.Use
+}
+
 var usageTemplate = `Usage:
 
-{{- if not .HasSubCommands}}	{{.UseLine}}{{end}}
+{{- if not .HasSubCommands}}	{{ useLine . }}{{end}}
 {{- if .HasSubCommands}}	{{ .CommandPath}} COMMAND{{end}}
 
 {{ .Short | trim }}

components/cli/cli/command/checkpoint/cmd.go

@@ -9,11 +9,11 @@ import (
 // NewCheckpointCommand returns the `checkpoint` subcommand (only in experimental)
 func NewCheckpointCommand(dockerCli command.Cli) *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "checkpoint",
-		Short: "Manage checkpoints",
-		Args:  cli.NoArgs,
-		RunE:  command.ShowHelp(dockerCli.Err()),
-		Tags:  map[string]string{"experimental": "", "version": "1.25"},
+		Use:         "checkpoint",
+		Short:       "Manage checkpoints",
+		Args:        cli.NoArgs,
+		RunE:        command.ShowHelp(dockerCli.Err()),
+		Annotations: map[string]string{"experimental": "", "version": "1.25"},
 	}
 	cmd.AddCommand(
 		newCreateCommand(dockerCli),

components/cli/cli/command/cli.go

@@ -12,14 +12,17 @@ import (
 	cliconfig "github.com/docker/cli/cli/config"
 	"github.com/docker/cli/cli/config/configfile"
 	cliflags "github.com/docker/cli/cli/flags"
+	"github.com/docker/cli/cli/trust"
 	dopts "github.com/docker/cli/opts"
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/client"
 	"github.com/docker/go-connections/sockets"
 	"github.com/docker/go-connections/tlsconfig"
-	"github.com/docker/notary/passphrase"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
+	"github.com/theupdateframework/notary"
+	notaryclient "github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/passphrase"
 	"golang.org/x/net/context"
 )
 
@@ -39,6 +42,7 @@ type Cli interface {
 	SetIn(in *InStream)
 	ConfigFile() *configfile.ConfigFile
 	ServerInfo() ServerInfo
+	NotaryClient(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (notaryclient.Repository, error)
 }
 
 // DockerCli is an instance the docker command line client.
@@ -111,44 +115,58 @@ func (cli *DockerCli) Initialize(opts *cliflags.ClientOptions) error {
 	var err error
 	cli.client, err = NewAPIClientFromFlags(opts.Common, cli.configFile)
 	if tlsconfig.IsErrEncryptedKey(err) {
-		var (
-			passwd string
-			giveup bool
-		)
 		passRetriever := passphrase.PromptRetrieverWithInOut(cli.In(), cli.Out(), nil)
-
-		for attempts := 0; tlsconfig.IsErrEncryptedKey(err); attempts++ {
-			// some code and comments borrowed from notary/trustmanager/keystore.go
-			passwd, giveup, err = passRetriever("private", "encrypted TLS private", false, attempts)
-			// Check if the passphrase retriever got an error or if it is telling us to give up
-			if giveup || err != nil {
-				return errors.Wrap(err, "private key is encrypted, but could not get passphrase")
-			}
-
-			opts.Common.TLSOptions.Passphrase = passwd
-			cli.client, err = NewAPIClientFromFlags(opts.Common, cli.configFile)
+		newClient := func(password string) (client.APIClient, error) {
+			opts.Common.TLSOptions.Passphrase = password
+			return NewAPIClientFromFlags(opts.Common, cli.configFile)
 		}
+		cli.client, err = getClientWithPassword(passRetriever, newClient)
 	}
-
 	if err != nil {
 		return err
 	}
+	cli.initializeFromClient()
+	return nil
+}
 
+func (cli *DockerCli) initializeFromClient() {
 	cli.defaultVersion = cli.client.ClientVersion()
 
-	if ping, err := cli.client.Ping(context.Background()); err == nil {
-		cli.server = ServerInfo{
-			HasExperimental: ping.Experimental,
-			OSType:          ping.OSType,
-		}
-
-		cli.client.NegotiateAPIVersionPing(ping)
-	} else {
+	ping, err := cli.client.Ping(context.Background())
+	if err != nil {
 		// Default to true if we fail to connect to daemon
 		cli.server = ServerInfo{HasExperimental: true}
+
+		if ping.APIVersion != "" {
+			cli.client.NegotiateAPIVersionPing(ping)
+		}
+		return
 	}
 
-	return nil
+	cli.server = ServerInfo{
+		HasExperimental: ping.Experimental,
+		OSType:          ping.OSType,
+	}
+	cli.client.NegotiateAPIVersionPing(ping)
+}
+
+func getClientWithPassword(passRetriever notary.PassRetriever, newClient func(password string) (client.APIClient, error)) (client.APIClient, error) {
+	for attempts := 0; ; attempts++ {
+		passwd, giveup, err := passRetriever("private", "encrypted TLS private", false, attempts)
+		if giveup || err != nil {
+			return nil, errors.Wrap(err, "private key is encrypted, but could not get passphrase")
+		}
+
+		apiclient, err := newClient(passwd)
+		if !tlsconfig.IsErrEncryptedKey(err) {
+			return apiclient, err
+		}
+	}
+}
+
+// NotaryClient provides a Notary Repository to interact with signed metadata for an image
+func (cli *DockerCli) NotaryClient(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (notaryclient.Repository, error) {
+	return trust.GetNotaryRepository(cli.In(), cli.Out(), UserAgent(), imgRefAndAuth.RepoInfo(), imgRefAndAuth.AuthConfig(), actions...)
 }
 
 // ServerInfo stores details about the supported features and platform of the
@@ -189,7 +207,8 @@ func NewAPIClientFromFlags(opts *cliflags.CommonOptions, configFile *configfile.
 	return client.NewClient(host, verStr, httpClient, customHeaders)
 }
 
-func getServerHost(hosts []string, tlsOptions *tlsconfig.Options) (host string, err error) {
+func getServerHost(hosts []string, tlsOptions *tlsconfig.Options) (string, error) {
+	var host string
 	switch len(hosts) {
 	case 0:
 		host = os.Getenv("DOCKER_HOST")
@@ -199,8 +218,7 @@ func getServerHost(hosts []string, tlsOptions *tlsconfig.Options) (host string,
 		return "", errors.New("Please specify only one -H")
 	}
 
-	host, err = dopts.ParseHost(tlsOptions != nil, host)
-	return
+	return dopts.ParseHost(tlsOptions != nil, host)
 }
 
 func newHTTPClient(host string, tlsOptions *tlsconfig.Options) (*http.Client, error) {

components/cli/cli/command/cli_test.go

@@ -4,12 +4,18 @@ import (
 	"os"
 	"testing"
 
+	"crypto/x509"
+
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/cli/flags"
+	"github.com/docker/cli/internal/test/testutil"
 	"github.com/docker/docker/api"
+	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
+	"github.com/pkg/errors"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"golang.org/x/net/context"
 )
 
 func TestNewAPIClientFromFlags(t *testing.T) {
@@ -43,7 +49,7 @@ func TestNewAPIClientFromFlagsWithAPIVersionFromEnv(t *testing.T) {
 	assert.Equal(t, customVersion, apiclient.ClientVersion())
 }
 
-// TODO: move to gotestyourself
+// TODO: use gotestyourself/env.Patch
 func patchEnvVariable(t *testing.T, key, value string) func() {
 	oldValue, ok := os.LookupEnv(key)
 	require.NoError(t, os.Setenv(key, value))
@@ -55,3 +61,138 @@ func patchEnvVariable(t *testing.T, key, value string) func() {
 		require.NoError(t, os.Setenv(key, oldValue))
 	}
 }
+
+type fakeClient struct {
+	client.Client
+	pingFunc   func() (types.Ping, error)
+	version    string
+	negotiated bool
+}
+
+func (c *fakeClient) Ping(_ context.Context) (types.Ping, error) {
+	return c.pingFunc()
+}
+
+func (c *fakeClient) ClientVersion() string {
+	return c.version
+}
+
+func (c *fakeClient) NegotiateAPIVersionPing(types.Ping) {
+	c.negotiated = true
+}
+
+func TestInitializeFromClient(t *testing.T) {
+	defaultVersion := "v1.55"
+
+	var testcases = []struct {
+		doc            string
+		pingFunc       func() (types.Ping, error)
+		expectedServer ServerInfo
+		negotiated     bool
+	}{
+		{
+			doc: "successful ping",
+			pingFunc: func() (types.Ping, error) {
+				return types.Ping{Experimental: true, OSType: "linux", APIVersion: "v1.30"}, nil
+			},
+			expectedServer: ServerInfo{HasExperimental: true, OSType: "linux"},
+			negotiated:     true,
+		},
+		{
+			doc: "failed ping, no API version",
+			pingFunc: func() (types.Ping, error) {
+				return types.Ping{}, errors.New("failed")
+			},
+			expectedServer: ServerInfo{HasExperimental: true},
+		},
+		{
+			doc: "failed ping, with API version",
+			pingFunc: func() (types.Ping, error) {
+				return types.Ping{APIVersion: "v1.33"}, errors.New("failed")
+			},
+			expectedServer: ServerInfo{HasExperimental: true},
+			negotiated:     true,
+		},
+	}
+
+	for _, testcase := range testcases {
+		t.Run(testcase.doc, func(t *testing.T) {
+			apiclient := &fakeClient{
+				pingFunc: testcase.pingFunc,
+				version:  defaultVersion,
+			}
+
+			cli := &DockerCli{client: apiclient}
+			cli.initializeFromClient()
+			assert.Equal(t, defaultVersion, cli.defaultVersion)
+			assert.Equal(t, testcase.expectedServer, cli.server)
+			assert.Equal(t, testcase.negotiated, apiclient.negotiated)
+		})
+	}
+}
+
+func TestGetClientWithPassword(t *testing.T) {
+	expected := "password"
+
+	var testcases = []struct {
+		doc             string
+		password        string
+		retrieverErr    error
+		retrieverGiveup bool
+		newClientErr    error
+		expectedErr     string
+	}{
+		{
+			doc:      "successful connect",
+			password: expected,
+		},
+		{
+			doc:             "password retriever exhausted",
+			retrieverGiveup: true,
+			retrieverErr:    errors.New("failed"),
+			expectedErr:     "private key is encrypted, but could not get passphrase",
+		},
+		{
+			doc:          "password retriever error",
+			retrieverErr: errors.New("failed"),
+			expectedErr:  "failed",
+		},
+		{
+			doc:          "newClient error",
+			newClientErr: errors.New("failed to connect"),
+			expectedErr:  "failed to connect",
+		},
+	}
+
+	for _, testcase := range testcases {
+		t.Run(testcase.doc, func(t *testing.T) {
+			passRetriever := func(_, _ string, _ bool, attempts int) (passphrase string, giveup bool, err error) {
+				// Always return an invalid pass first to test iteration
+				switch attempts {
+				case 0:
+					return "something else", false, nil
+				default:
+					return testcase.password, testcase.retrieverGiveup, testcase.retrieverErr
+				}
+			}
+
+			newClient := func(currentPassword string) (client.APIClient, error) {
+				if testcase.newClientErr != nil {
+					return nil, testcase.newClientErr
+				}
+				if currentPassword == expected {
+					return &client.Client{}, nil
+				}
+				return &client.Client{}, x509.IncorrectPasswordError
+			}
+
+			_, err := getClientWithPassword(passRetriever, newClient)
+			if testcase.expectedErr != "" {
+				testutil.ErrorContains(t, err, testcase.expectedErr)
+				return
+			}
+
+			assert.NoError(t, err)
+		})
+	}
+}

components/cli/cli/command/commands/commands.go

@@ -17,6 +17,7 @@ import (
 	"github.com/docker/cli/cli/command/stack"
 	"github.com/docker/cli/cli/command/swarm"
 	"github.com/docker/cli/cli/command/system"
+	"github.com/docker/cli/cli/command/trust"
 	"github.com/docker/cli/cli/command/volume"
 	"github.com/spf13/cobra"
 )
@@ -69,6 +70,9 @@ func AddCommands(cmd *cobra.Command, dockerCli *command.DockerCli) {
 		// swarm
 		swarm.NewSwarmCommand(dockerCli),
 
+		// trust
+		trust.NewTrustCommand(dockerCli),
+
 		// volume
 		volume.NewVolumeCommand(dockerCli),
 

components/cli/cli/command/config/cmd.go

@@ -8,14 +8,13 @@ import (
 )
 
 // NewConfigCommand returns a cobra command for `config` subcommands
-// nolint: interfacer
-func NewConfigCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewConfigCommand(dockerCli command.Cli) *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "config",
-		Short: "Manage Docker configs",
-		Args:  cli.NoArgs,
-		RunE:  command.ShowHelp(dockerCli.Err()),
-		Tags:  map[string]string{"version": "1.30"},
+		Use:         "config",
+		Short:       "Manage Docker configs",
+		Args:        cli.NoArgs,
+		RunE:        command.ShowHelp(dockerCli.Err()),
+		Annotations: map[string]string{"version": "1.30"},
 	}
 	cmd.AddCommand(
 		newConfigListCommand(dockerCli),

components/cli/cli/command/config/ls.go

@@ -1,15 +1,27 @@
 package config
 
 import (
+	"sort"
+
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/swarm"
 	"github.com/spf13/cobra"
 	"golang.org/x/net/context"
+	"vbom.ml/util/sortorder"
 )
 
+type byConfigName []swarm.Config
+
+func (r byConfigName) Len() int      { return len(r) }
+func (r byConfigName) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
+func (r byConfigName) Less(i, j int) bool {
+	return sortorder.NaturalLess(r[i].Spec.Name, r[j].Spec.Name)
+}
+
 type listOptions struct {
 	quiet  bool
 	format string
@@ -55,6 +67,8 @@ func runConfigList(dockerCli command.Cli, options listOptions) error {
 		}
 	}
 
+	sort.Sort(byConfigName(configs))
+
 	configCtx := formatter.Context{
 		Output: dockerCli.Out(),
 		Format: formatter.NewConfigFormat(format, options.quiet),

components/cli/cli/command/config/ls_test.go

@@ -50,14 +50,20 @@ func TestConfigList(t *testing.T) {
 	cli := test.NewFakeCli(&fakeClient{
 		configListFunc: func(options types.ConfigListOptions) ([]swarm.Config, error) {
 			return []swarm.Config{
-				*Config(ConfigID("ID-foo"),
-					ConfigName("foo"),
+				*Config(ConfigID("ID-1-foo"),
+					ConfigName("1-foo"),
 					ConfigVersion(swarm.Version{Index: 10}),
 					ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
 					ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
 				),
-				*Config(ConfigID("ID-bar"),
-					ConfigName("bar"),
+				*Config(ConfigID("ID-10-foo"),
+					ConfigName("10-foo"),
+					ConfigVersion(swarm.Version{Index: 11}),
+					ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
+					ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
+				),
+				*Config(ConfigID("ID-2-foo"),
+					ConfigName("2-foo"),
 					ConfigVersion(swarm.Version{Index: 11}),
 					ConfigCreatedAt(time.Now().Add(-2*time.Hour)),
 					ConfigUpdatedAt(time.Now().Add(-1*time.Hour)),
@@ -66,9 +72,8 @@ func TestConfigList(t *testing.T) {
 		},
 	})
 	cmd := newConfigListCommand(cli)
-	cmd.SetOutput(cli.OutBuffer())
 	assert.NoError(t, cmd.Execute())
-	golden.Assert(t, cli.OutBuffer().String(), "config-list.golden")
+	golden.Assert(t, cli.OutBuffer().String(), "config-list-sort.golden")
 }
 
 func TestConfigListWithQuietOption(t *testing.T) {

components/cli/cli/command/config/testdata/config-list-sort.golden

@@ -0,0 +1,4 @@
+ID                  NAME                CREATED             UPDATED
+ID-1-foo            1-foo               2 hours ago         About an hour ago
+ID-2-foo            2-foo               2 hours ago         About an hour ago
+ID-10-foo           10-foo              2 hours ago         About an hour ago

components/cli/cli/command/config/testdata/config-list-with-config-format.golden

@@ -1,2 +1,2 @@
-foo 
 bar label=label-bar
+foo 

components/cli/cli/command/config/testdata/config-list-with-filter.golden

@@ -1,3 +1,3 @@
 ID                  NAME                CREATED             UPDATED
-ID-foo              foo                 2 hours ago         About an hour ago
 ID-bar              bar                 2 hours ago         About an hour ago
+ID-foo              foo                 2 hours ago         About an hour ago

components/cli/cli/command/config/testdata/config-list-with-format.golden

@@ -1,2 +1,2 @@
-foo 
 bar label=label-bar
+foo 

components/cli/cli/command/config/testdata/config-list-with-quiet-option.golden

@@ -1,2 +1,2 @@
-ID-foo
 ID-bar
+ID-foo

components/cli/cli/command/config/testdata/config-list.golden

@@ -1,3 +0,0 @@
-ID                  NAME                CREATED             UPDATED
-ID-foo              foo                 2 hours ago         About an hour ago
-ID-bar              bar                 2 hours ago         About an hour ago

components/cli/cli/command/container/attach.go

@@ -4,13 +4,13 @@ import (
 	"io"
 	"net/http/httputil"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"golang.org/x/net/context"
 )

components/cli/cli/command/container/cmd.go

@@ -7,8 +7,7 @@ import (
 )
 
 // NewContainerCommand returns a cobra command for `container` subcommands
-// nolint: interfacer
-func NewContainerCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewContainerCommand(dockerCli command.Cli) *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "container",
 		Short: "Manage containers",

components/cli/cli/command/container/commit.go

@@ -22,7 +22,7 @@ type commitOptions struct {
 }
 
 // NewCommitCommand creates a new cobra.Command for `docker commit`
-func NewCommitCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewCommitCommand(dockerCli command.Cli) *cobra.Command {
 	var options commitOptions
 
 	cmd := &cobra.Command{
@@ -51,7 +51,7 @@ func NewCommitCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runCommit(dockerCli *command.DockerCli, options *commitOptions) error {
+func runCommit(dockerCli command.Cli, options *commitOptions) error {
 	ctx := context.Background()
 
 	name := options.container

components/cli/cli/command/container/cp.go

@@ -36,7 +36,7 @@ type cpConfig struct {
 }
 
 // NewCopyCommand creates a new `docker cp` command
-func NewCopyCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewCopyCommand(dockerCli command.Cli) *cobra.Command {
 	var opts copyOptions
 
 	cmd := &cobra.Command{
@@ -72,7 +72,7 @@ func NewCopyCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runCopy(dockerCli *command.DockerCli, opts copyOptions) error {
+func runCopy(dockerCli command.Cli, opts copyOptions) error {
 	srcContainer, srcPath := splitCpArg(opts.source)
 	dstContainer, dstPath := splitCpArg(opts.destination)
 
@@ -104,7 +104,7 @@ func runCopy(dockerCli *command.DockerCli, opts copyOptions) error {
 	}
 }
 
-func statContainerPath(ctx context.Context, dockerCli *command.DockerCli, containerName, path string) (types.ContainerPathStat, error) {
+func statContainerPath(ctx context.Context, dockerCli command.Cli, containerName, path string) (types.ContainerPathStat, error) {
 	return dockerCli.Client().ContainerStatPath(ctx, containerName, path)
 }
 
@@ -113,10 +113,10 @@ func resolveLocalPath(localPath string) (absPath string, err error) {
 		return
 	}
 
-	return archive.PreserveTrailingDotOrSeparator(absPath, localPath), nil
+	return archive.PreserveTrailingDotOrSeparator(absPath, localPath, filepath.Separator), nil
 }
 
-func copyFromContainer(ctx context.Context, dockerCli *command.DockerCli, srcContainer, srcPath, dstPath string, cpParam *cpConfig) (err error) {
+func copyFromContainer(ctx context.Context, dockerCli command.Cli, srcContainer, srcPath, dstPath string, cpParam *cpConfig) (err error) {
 	if dstPath != "-" {
 		// Get an absolute destination path.
 		dstPath, err = resolveLocalPath(dstPath)
@@ -177,7 +177,7 @@ func copyFromContainer(ctx context.Context, dockerCli *command.DockerCli, srcCon
 	return archive.CopyTo(preArchive, srcInfo, dstPath)
 }
 
-func copyToContainer(ctx context.Context, dockerCli *command.DockerCli, srcPath, dstContainer, dstPath string, cpParam *cpConfig, copyUIDGID bool) (err error) {
+func copyToContainer(ctx context.Context, dockerCli command.Cli, srcPath, dstContainer, dstPath string, cpParam *cpConfig, copyUIDGID bool) (err error) {
 	if srcPath != "-" {
 		// Get an absolute source path.
 		srcPath, err = resolveLocalPath(srcPath)

components/cli/cli/command/container/create.go

@@ -194,7 +194,7 @@ func createContainer(ctx context.Context, dockerCli command.Cli, containerConfig
 
 	//if image not found try to pull it
 	if err != nil {
-		if apiclient.IsErrImageNotFound(err) && namedRef != nil {
+		if apiclient.IsErrNotFound(err) && namedRef != nil {
 			fmt.Fprintf(stderr, "Unable to find image '%s' locally\n", reference.FamiliarString(namedRef))
 
 			// we don't want to write to stdout anything apart from container.ID

components/cli/cli/command/container/diff.go

@@ -14,7 +14,7 @@ type diffOptions struct {
 }
 
 // NewDiffCommand creates a new cobra.Command for `docker diff`
-func NewDiffCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewDiffCommand(dockerCli command.Cli) *cobra.Command {
 	var opts diffOptions
 
 	return &cobra.Command{
@@ -28,7 +28,7 @@ func NewDiffCommand(dockerCli *command.DockerCli) *cobra.Command {
 	}
 }
 
-func runDiff(dockerCli *command.DockerCli, opts *diffOptions) error {
+func runDiff(dockerCli command.Cli, opts *diffOptions) error {
 	if opts.container == "" {
 		return errors.New("Container name cannot be empty")
 	}

components/cli/cli/command/container/exec.go

@@ -4,15 +4,14 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/config/configfile"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
 	apiclient "github.com/docker/docker/client"
-	"github.com/docker/docker/pkg/promise"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"golang.org/x/net/context"
 )
@@ -106,7 +105,6 @@ func interactiveExec(ctx context.Context, dockerCli command.Cli, execConfig *typ
 	var (
 		out, stderr io.Writer
 		in          io.ReadCloser
-		errCh       chan error
 	)
 
 	if execConfig.AttachStdin {
@@ -124,24 +122,33 @@ func interactiveExec(ctx context.Context, dockerCli command.Cli, execConfig *typ
 	}
 
 	client := dockerCli.Client()
-	resp, err := client.ContainerExecAttach(ctx, execID, *execConfig)
+	execStartCheck := types.ExecStartCheck{
+		Tty: execConfig.Tty,
+	}
+	resp, err := client.ContainerExecAttach(ctx, execID, execStartCheck)
 	if err != nil {
 		return err
 	}
 	defer resp.Close()
-	errCh = promise.Go(func() error {
-		streamer := hijackedIOStreamer{
-			streams:      dockerCli,
-			inputStream:  in,
-			outputStream: out,
-			errorStream:  stderr,
-			resp:         resp,
-			tty:          execConfig.Tty,
-			detachKeys:   execConfig.DetachKeys,
-		}
 
-		return streamer.stream(ctx)
-	})
+	errCh := make(chan error, 1)
+
+	go func() {
+		defer close(errCh)
+		errCh <- func() error {
+			streamer := hijackedIOStreamer{
+				streams:      dockerCli,
+				inputStream:  in,
+				outputStream: out,
+				errorStream:  stderr,
+				resp:         resp,
+				tty:          execConfig.Tty,
+				detachKeys:   execConfig.DetachKeys,
+			}
+
+			return streamer.stream(ctx)
+		}()
+	}()
 
 	if execConfig.Tty && dockerCli.In().IsTerminal() {
 		if err := MonitorTtySize(ctx, dockerCli, execID, true); err != nil {

components/cli/cli/command/container/export.go

@@ -16,7 +16,7 @@ type exportOptions struct {
 }
 
 // NewExportCommand creates a new `docker export` command
-func NewExportCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewExportCommand(dockerCli command.Cli) *cobra.Command {
 	var opts exportOptions
 
 	cmd := &cobra.Command{
@@ -36,7 +36,7 @@ func NewExportCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runExport(dockerCli *command.DockerCli, opts exportOptions) error {
+func runExport(dockerCli command.Cli, opts exportOptions) error {
 	if opts.output == "" && dockerCli.Out().IsTerminal() {
 		return errors.New("cowardly refusing to save to a terminal. Use the -o flag or redirect")
 	}

components/cli/cli/command/container/hijack.go

@@ -6,12 +6,12 @@ import (
 	"runtime"
 	"sync"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/stdcopy"
 	"github.com/docker/docker/pkg/term"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/net/context"
 )
 
@@ -185,6 +185,7 @@ func setRawTerminal(streams command.Streams) error {
 	return streams.Out().SetRawTerminal()
 }
 
+// nolint: unparam
 func restoreTerminal(streams command.Streams, in io.Closer) error {
 	streams.In().RestoreTerminal()
 	streams.Out().RestoreTerminal()

components/cli/cli/command/container/inspect.go

@@ -15,7 +15,7 @@ type inspectOptions struct {
 }
 
 // newInspectCommand creates a new cobra.Command for `docker container inspect`
-func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
+func newInspectCommand(dockerCli command.Cli) *cobra.Command {
 	var opts inspectOptions
 
 	cmd := &cobra.Command{
@@ -35,7 +35,7 @@ func newInspectCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runInspect(dockerCli *command.DockerCli, opts inspectOptions) error {
+func runInspect(dockerCli command.Cli, opts inspectOptions) error {
 	client := dockerCli.Client()
 	ctx := context.Background()
 

components/cli/cli/command/container/kill.go

@@ -18,7 +18,7 @@ type killOptions struct {
 }
 
 // NewKillCommand creates a new cobra.Command for `docker kill`
-func NewKillCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewKillCommand(dockerCli command.Cli) *cobra.Command {
 	var opts killOptions
 
 	cmd := &cobra.Command{
@@ -36,7 +36,7 @@ func NewKillCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runKill(dockerCli *command.DockerCli, opts *killOptions) error {
+func runKill(dockerCli command.Cli, opts *killOptions) error {
 	var errs []string
 	ctx := context.Background()
 	errChan := parallelOperation(ctx, opts.containers, func(ctx context.Context, container string) error {

components/cli/cli/command/container/list.go

@@ -25,7 +25,7 @@ type psOptions struct {
 }
 
 // NewPsCommand creates a new cobra.Command for `docker ps`
-func NewPsCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewPsCommand(dockerCli command.Cli) *cobra.Command {
 	options := psOptions{filter: opts.NewFilterOpt()}
 
 	cmd := &cobra.Command{
@@ -51,7 +51,7 @@ func NewPsCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func newListCommand(dockerCli *command.DockerCli) *cobra.Command {
+func newListCommand(dockerCli command.Cli) *cobra.Command {
 	cmd := *NewPsCommand(dockerCli)
 	cmd.Aliases = []string{"ps", "list"}
 	cmd.Use = "ls [OPTIONS]"
@@ -109,7 +109,7 @@ func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, er
 	return options, nil
 }
 
-func runPs(dockerCli *command.DockerCli, options *psOptions) error {
+func runPs(dockerCli command.Cli, options *psOptions) error {
 	ctx := context.Background()
 
 	listOptions, err := buildContainerListOptions(options)

components/cli/cli/command/container/logs.go

@@ -22,7 +22,7 @@ type logsOptions struct {
 }
 
 // NewLogsCommand creates a new cobra.Command for `docker logs`
-func NewLogsCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewLogsCommand(dockerCli command.Cli) *cobra.Command {
 	var opts logsOptions
 
 	cmd := &cobra.Command{
@@ -44,7 +44,7 @@ func NewLogsCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runLogs(dockerCli *command.DockerCli, opts *logsOptions) error {
+func runLogs(dockerCli command.Cli, opts *logsOptions) error {
 	ctx := context.Background()
 
 	options := types.ContainerLogsOptions{

components/cli/cli/command/container/opts.go

@@ -11,7 +11,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/cli/cli/compose/loader"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types/container"
@@ -20,6 +19,7 @@ import (
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/go-connections/nat"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/pflag"
 )
 

components/cli/cli/command/container/opts_test.go

@@ -43,11 +43,9 @@ func TestValidateAttach(t *testing.T) {
 	}
 }
 
+// nolint: unparam
 func parseRun(args []string) (*container.Config, *container.HostConfig, *networktypes.NetworkingConfig, error) {
-	flags := pflag.NewFlagSet("run", pflag.ContinueOnError)
-	flags.SetOutput(ioutil.Discard)
-	flags.Usage = nil
-	copts := addFlags(flags)
+	flags, copts := setupRunFlags()
 	if err := flags.Parse(args); err != nil {
 		return nil, nil, nil, err
 	}
@@ -59,6 +57,14 @@ func parseRun(args []string) (*container.Config, *container.HostConfig, *network
 	return containerConfig.Config, containerConfig.HostConfig, containerConfig.NetworkingConfig, err
 }
 
+func setupRunFlags() (*pflag.FlagSet, *containerOptions) {
+	flags := pflag.NewFlagSet("run", pflag.ContinueOnError)
+	flags.SetOutput(ioutil.Discard)
+	flags.Usage = nil
+	copts := addFlags(flags)
+	return flags, copts
+}
+
 func parseMustError(t *testing.T, args string) {
 	_, _, _, err := parseRun(strings.Split(args+" ubuntu bash", " "))
 	assert.Error(t, err, args)
@@ -226,20 +232,21 @@ func TestParseWithMacAddress(t *testing.T) {
 	}
 }
 
-func TestParseWithMemory(t *testing.T) {
-	invalidMemory := "--memory=invalid"
-	_, _, _, err := parseRun([]string{invalidMemory, "img", "cmd"})
-	testutil.ErrorContains(t, err, invalidMemory)
+func TestRunFlagsParseWithMemory(t *testing.T) {
+	flags, _ := setupRunFlags()
+	args := []string{"--memory=invalid", "img", "cmd"}
+	err := flags.Parse(args)
+	testutil.ErrorContains(t, err, `invalid argument "invalid" for "-m, --memory" flag`)
 
 	_, hostconfig := mustParse(t, "--memory=1G")
 	assert.Equal(t, int64(1073741824), hostconfig.Memory)
 }
 
 func TestParseWithMemorySwap(t *testing.T) {
-	invalidMemory := "--memory-swap=invalid"
-
-	_, _, _, err := parseRun([]string{invalidMemory, "img", "cmd"})
-	testutil.ErrorContains(t, err, invalidMemory)
+	flags, _ := setupRunFlags()
+	args := []string{"--memory-swap=invalid", "img", "cmd"}
+	err := flags.Parse(args)
+	testutil.ErrorContains(t, err, `invalid argument "invalid" for "--memory-swap" flag`)
 
 	_, hostconfig := mustParse(t, "--memory-swap=1G")
 	assert.Equal(t, int64(1073741824), hostconfig.MemorySwap)
@@ -364,7 +371,10 @@ func TestParseDevice(t *testing.T) {
 
 func TestParseModes(t *testing.T) {
 	// pid ko
-	_, _, _, err := parseRun([]string{"--pid=container:", "img", "cmd"})
+	flags, copts := setupRunFlags()
+	args := []string{"--pid=container:", "img", "cmd"}
+	require.NoError(t, flags.Parse(args))
+	_, err := parse(flags, copts)
 	testutil.ErrorContains(t, err, "--pid: invalid PID mode")
 
 	// pid ok
@@ -384,14 +394,18 @@ func TestParseModes(t *testing.T) {
 	if !hostconfig.UTSMode.Valid() {
 		t.Fatalf("Expected a valid UTSMode, got %v", hostconfig.UTSMode)
 	}
+}
 
+func TestRunFlagsParseShmSize(t *testing.T) {
 	// shm-size ko
-	expectedErr := `invalid argument "a128m" for --shm-size=a128m: invalid size: 'a128m'`
-	_, _, _, err = parseRun([]string{"--shm-size=a128m", "img", "cmd"})
+	flags, _ := setupRunFlags()
+	args := []string{"--shm-size=a128m", "img", "cmd"}
+	expectedErr := `invalid argument "a128m" for "--shm-size" flag: invalid size: 'a128m'`
+	err := flags.Parse(args)
 	testutil.ErrorContains(t, err, expectedErr)
 
 	// shm-size ok
-	_, hostconfig, _, err = parseRun([]string{"--shm-size=128m", "img", "cmd"})
+	_, hostconfig, _, err := parseRun([]string{"--shm-size=128m", "img", "cmd"})
 	require.NoError(t, err)
 	if hostconfig.ShmSize != 134217728 {
 		t.Fatalf("Expected a valid ShmSize, got %d", hostconfig.ShmSize)

components/cli/cli/command/container/pause.go

@@ -16,7 +16,7 @@ type pauseOptions struct {
 }
 
 // NewPauseCommand creates a new cobra.Command for `docker pause`
-func NewPauseCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewPauseCommand(dockerCli command.Cli) *cobra.Command {
 	var opts pauseOptions
 
 	return &cobra.Command{
@@ -30,7 +30,7 @@ func NewPauseCommand(dockerCli *command.DockerCli) *cobra.Command {
 	}
 }
 
-func runPause(dockerCli *command.DockerCli, opts *pauseOptions) error {
+func runPause(dockerCli command.Cli, opts *pauseOptions) error {
 	ctx := context.Background()
 
 	var errs []string

components/cli/cli/command/container/port.go

@@ -19,7 +19,7 @@ type portOptions struct {
 }
 
 // NewPortCommand creates a new cobra.Command for `docker port`
-func NewPortCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewPortCommand(dockerCli command.Cli) *cobra.Command {
 	var opts portOptions
 
 	cmd := &cobra.Command{
@@ -37,7 +37,7 @@ func NewPortCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runPort(dockerCli *command.DockerCli, opts *portOptions) error {
+func runPort(dockerCli command.Cli, opts *portOptions) error {
 	ctx := context.Background()
 
 	c, err := dockerCli.Client().ContainerInspect(ctx, opts.container)

components/cli/cli/command/container/prune.go

@@ -35,7 +35,7 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {
 			fmt.Fprintln(dockerCli.Out(), "Total reclaimed space:", units.HumanSize(float64(spaceReclaimed)))
 			return nil
 		},
-		Tags: map[string]string{"version": "1.25"},
+		Annotations: map[string]string{"version": "1.25"},
 	}
 
 	flags := cmd.Flags()
@@ -52,12 +52,12 @@ func runPrune(dockerCli command.Cli, options pruneOptions) (spaceReclaimed uint6
 	pruneFilters := command.PruneFilters(dockerCli, options.filter.Value())
 
 	if !options.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
-		return
+		return 0, "", nil
 	}
 
 	report, err := dockerCli.Client().ContainersPrune(context.Background(), pruneFilters)
 	if err != nil {
-		return
+		return 0, "", err
 	}
 
 	if len(report.ContainersDeleted) > 0 {
@@ -68,7 +68,7 @@ func runPrune(dockerCli command.Cli, options pruneOptions) (spaceReclaimed uint6
 		spaceReclaimed = report.SpaceReclaimed
 	}
 
-	return
+	return spaceReclaimed, output, nil
 }
 
 // RunPrune calls the Container Prune API

components/cli/cli/command/container/rename.go

@@ -17,7 +17,7 @@ type renameOptions struct {
 }
 
 // NewRenameCommand creates a new cobra.Command for `docker rename`
-func NewRenameCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewRenameCommand(dockerCli command.Cli) *cobra.Command {
 	var opts renameOptions
 
 	cmd := &cobra.Command{
@@ -33,7 +33,7 @@ func NewRenameCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runRename(dockerCli *command.DockerCli, opts *renameOptions) error {
+func runRename(dockerCli command.Cli, opts *renameOptions) error {
 	ctx := context.Background()
 
 	oldName := strings.TrimSpace(opts.oldName)

components/cli/cli/command/container/restart.go

@@ -20,7 +20,7 @@ type restartOptions struct {
 }
 
 // NewRestartCommand creates a new cobra.Command for `docker restart`
-func NewRestartCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewRestartCommand(dockerCli command.Cli) *cobra.Command {
 	var opts restartOptions
 
 	cmd := &cobra.Command{
@@ -39,7 +39,7 @@ func NewRestartCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runRestart(dockerCli *command.DockerCli, opts *restartOptions) error {
+func runRestart(dockerCli command.Cli, opts *restartOptions) error {
 	ctx := context.Background()
 	var errs []string
 	var timeout *time.Duration

components/cli/cli/command/container/rm.go

@@ -21,7 +21,7 @@ type rmOptions struct {
 }
 
 // NewRmCommand creates a new cobra.Command for `docker rm`
-func NewRmCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewRmCommand(dockerCli command.Cli) *cobra.Command {
 	var opts rmOptions
 
 	cmd := &cobra.Command{
@@ -41,7 +41,7 @@ func NewRmCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runRm(dockerCli *command.DockerCli, opts *rmOptions) error {
+func runRm(dockerCli command.Cli, opts *rmOptions) error {
 	ctx := context.Background()
 
 	var errs []string

components/cli/cli/command/container/run.go

@@ -10,16 +10,15 @@ import (
 	"strings"
 	"syscall"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/opts"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
-	"github.com/docker/docker/pkg/promise"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/term"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"golang.org/x/net/context"
@@ -33,7 +32,7 @@ type runOptions struct {
 }
 
 // NewRunCommand create a new `docker run` command
-func NewRunCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewRunCommand(dockerCli command.Cli) *cobra.Command {
 	var opts runOptions
 	var copts *containerOptions
 
@@ -97,7 +96,7 @@ func isLocalhost(ip string) bool {
 	return localhostIPRegexp.MatchString(ip)
 }
 
-func runRun(dockerCli *command.DockerCli, flags *pflag.FlagSet, ropts *runOptions, copts *containerOptions) error {
+func runRun(dockerCli command.Cli, flags *pflag.FlagSet, ropts *runOptions, copts *containerOptions) error {
 	proxyConfig := dockerCli.ConfigFile().ParseProxyConfig(dockerCli.Client().DaemonHost(), copts.env.GetAll())
 	newEnv := []string{}
 	for k, v := range proxyConfig {
@@ -118,7 +117,7 @@ func runRun(dockerCli *command.DockerCli, flags *pflag.FlagSet, ropts *runOption
 }
 
 // nolint: gocyclo
-func runContainer(dockerCli *command.DockerCli, opts *runOptions, copts *containerOptions, containerConfig *containerConfig) error {
+func runContainer(dockerCli command.Cli, opts *runOptions, copts *containerOptions, containerConfig *containerConfig) error {
 	config := containerConfig.Config
 	hostConfig := containerConfig.HostConfig
 	stdout, stderr := dockerCli.Out(), dockerCli.Err()
@@ -291,22 +290,27 @@ func attachContainer(
 		return nil, errAttach
 	}
 
-	*errCh = promise.Go(func() error {
-		streamer := hijackedIOStreamer{
-			streams:      dockerCli,
-			inputStream:  in,
-			outputStream: out,
-			errorStream:  cerr,
-			resp:         resp,
-			tty:          config.Tty,
-			detachKeys:   options.DetachKeys,
-		}
+	ch := make(chan error, 1)
+	*errCh = ch
 
-		if errHijack := streamer.stream(ctx); errHijack != nil {
-			return errHijack
-		}
-		return errAttach
-	})
+	go func() {
+		ch <- func() error {
+			streamer := hijackedIOStreamer{
+				streams:      dockerCli,
+				inputStream:  in,
+				outputStream: out,
+				errorStream:  cerr,
+				resp:         resp,
+				tty:          config.Tty,
+				detachKeys:   options.DetachKeys,
+			}
+
+			if errHijack := streamer.stream(ctx); errHijack != nil {
+				return errHijack
+			}
+			return errAttach
+		}()
+	}()
 	return resp.Close, nil
 }
 

components/cli/cli/command/container/start.go

@@ -9,7 +9,6 @@ import (
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/docker/api/types"
-	"github.com/docker/docker/pkg/promise"
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/docker/pkg/term"
 	"github.com/pkg/errors"
@@ -28,7 +27,7 @@ type startOptions struct {
 }
 
 // NewStartCommand creates a new cobra.Command for `docker start`
-func NewStartCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewStartCommand(dockerCli command.Cli) *cobra.Command {
 	var opts startOptions
 
 	cmd := &cobra.Command{
@@ -54,7 +53,7 @@ func NewStartCommand(dockerCli *command.DockerCli) *cobra.Command {
 }
 
 // nolint: gocyclo
-func runStart(dockerCli *command.DockerCli, opts *startOptions) error {
+func runStart(dockerCli command.Cli, opts *startOptions) error {
 	ctx, cancelFun := context.WithCancel(context.Background())
 
 	if opts.attach || opts.openStdin {
@@ -103,23 +102,28 @@ func runStart(dockerCli *command.DockerCli, opts *startOptions) error {
 			return errAttach
 		}
 		defer resp.Close()
-		cErr := promise.Go(func() error {
-			streamer := hijackedIOStreamer{
-				streams:      dockerCli,
-				inputStream:  in,
-				outputStream: dockerCli.Out(),
-				errorStream:  dockerCli.Err(),
-				resp:         resp,
-				tty:          c.Config.Tty,
-				detachKeys:   options.DetachKeys,
-			}
 
-			errHijack := streamer.stream(ctx)
-			if errHijack == nil {
-				return errAttach
-			}
-			return errHijack
-		})
+		cErr := make(chan error, 1)
+
+		go func() {
+			cErr <- func() error {
+				streamer := hijackedIOStreamer{
+					streams:      dockerCli,
+					inputStream:  in,
+					outputStream: dockerCli.Out(),
+					errorStream:  dockerCli.Err(),
+					resp:         resp,
+					tty:          c.Config.Tty,
+					detachKeys:   options.DetachKeys,
+				}
+
+				errHijack := streamer.stream(ctx)
+				if errHijack == nil {
+					return errAttach
+				}
+				return errHijack
+			}()
+		}()
 
 		// 3. We should open a channel for receiving status code of the container
 		// no matter it's detached, removed on daemon side(--rm) or exit normally.
@@ -177,7 +181,7 @@ func runStart(dockerCli *command.DockerCli, opts *startOptions) error {
 	return nil
 }
 
-func startContainersWithoutAttachments(ctx context.Context, dockerCli *command.DockerCli, containers []string) error {
+func startContainersWithoutAttachments(ctx context.Context, dockerCli command.Cli, containers []string) error {
 	var failedContainers []string
 	for _, container := range containers {
 		if err := dockerCli.Client().ContainerStart(ctx, container, types.ContainerStartOptions{}); err != nil {

components/cli/cli/command/container/stats.go

@@ -21,12 +21,13 @@ import (
 type statsOptions struct {
 	all        bool
 	noStream   bool
+	noTrunc    bool
 	format     string
 	containers []string
 }
 
 // NewStatsCommand creates a new cobra.Command for `docker stats`
-func NewStatsCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewStatsCommand(dockerCli command.Cli) *cobra.Command {
 	var opts statsOptions
 
 	cmd := &cobra.Command{
@@ -42,6 +43,7 @@ func NewStatsCommand(dockerCli *command.DockerCli) *cobra.Command {
 	flags := cmd.Flags()
 	flags.BoolVarP(&opts.all, "all", "a", false, "Show all containers (default shows just running)")
 	flags.BoolVar(&opts.noStream, "no-stream", false, "Disable streaming stats and only pull the first result")
+	flags.BoolVar(&opts.noTrunc, "no-trunc", false, "Do not truncate output")
 	flags.StringVar(&opts.format, "format", "", "Pretty-print images using a Go template")
 	return cmd
 }
@@ -49,7 +51,7 @@ func NewStatsCommand(dockerCli *command.DockerCli) *cobra.Command {
 // runStats displays a live stream of resource usage statistics for one or more containers.
 // This shows real-time information on CPU usage, memory usage, and network I/O.
 // nolint: gocyclo
-func runStats(dockerCli *command.DockerCli, opts *statsOptions) error {
+func runStats(dockerCli command.Cli, opts *statsOptions) error {
 	showAll := len(opts.containers) == 0
 	closeChan := make(chan error)
 
@@ -214,7 +216,7 @@ func runStats(dockerCli *command.DockerCli, opts *statsOptions) error {
 			ccstats = append(ccstats, c.GetStatistics())
 		}
 		cStats.mu.Unlock()
-		if err = formatter.ContainerStatsWrite(statsCtx, ccstats, daemonOSType); err != nil {
+		if err = formatter.ContainerStatsWrite(statsCtx, ccstats, daemonOSType, !opts.noTrunc); err != nil {
 			break
 		}
 		if len(cStats.cs) == 0 && !showAll {

components/cli/cli/command/container/stats_helpers.go

@@ -7,11 +7,11 @@ import (
 	"sync"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/cli/cli/command/formatter"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/net/context"
 )
 
@@ -200,7 +200,8 @@ func calculateCPUPercentWindows(v *types.StatsJSON) float64 {
 	return 0.00
 }
 
-func calculateBlockIO(blkio types.BlkioStats) (blkRead uint64, blkWrite uint64) {
+func calculateBlockIO(blkio types.BlkioStats) (uint64, uint64) {
+	var blkRead, blkWrite uint64
 	for _, bioEntry := range blkio.IoServiceBytesRecursive {
 		switch strings.ToLower(bioEntry.Op) {
 		case "read":
@@ -209,7 +210,7 @@ func calculateBlockIO(blkio types.BlkioStats) (blkRead uint64, blkWrite uint64)
 			blkWrite = blkWrite + bioEntry.Value
 		}
 	}
-	return
+	return blkRead, blkWrite
 }
 
 func calculateNetwork(network map[string]types.NetworkStats) (float64, float64) {

components/cli/cli/command/container/stop.go

@@ -20,7 +20,7 @@ type stopOptions struct {
 }
 
 // NewStopCommand creates a new cobra.Command for `docker stop`
-func NewStopCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewStopCommand(dockerCli command.Cli) *cobra.Command {
 	var opts stopOptions
 
 	cmd := &cobra.Command{
@@ -39,7 +39,7 @@ func NewStopCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runStop(dockerCli *command.DockerCli, opts *stopOptions) error {
+func runStop(dockerCli command.Cli, opts *stopOptions) error {
 	ctx := context.Background()
 
 	var timeout *time.Duration

components/cli/cli/command/container/top.go

@@ -18,7 +18,7 @@ type topOptions struct {
 }
 
 // NewTopCommand creates a new cobra.Command for `docker top`
-func NewTopCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewTopCommand(dockerCli command.Cli) *cobra.Command {
 	var opts topOptions
 
 	cmd := &cobra.Command{
@@ -38,7 +38,7 @@ func NewTopCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runTop(dockerCli *command.DockerCli, opts *topOptions) error {
+func runTop(dockerCli command.Cli, opts *topOptions) error {
 	ctx := context.Background()
 
 	procList, err := dockerCli.Client().ContainerTop(ctx, opts.container, opts.args)

components/cli/cli/command/container/tty.go

@@ -7,11 +7,11 @@ import (
 	"runtime"
 	"time"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/client"
 	"github.com/docker/docker/pkg/signal"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/net/context"
 )
 

components/cli/cli/command/container/unpause.go

@@ -16,7 +16,7 @@ type unpauseOptions struct {
 }
 
 // NewUnpauseCommand creates a new cobra.Command for `docker unpause`
-func NewUnpauseCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewUnpauseCommand(dockerCli command.Cli) *cobra.Command {
 	var opts unpauseOptions
 
 	cmd := &cobra.Command{
@@ -31,7 +31,7 @@ func NewUnpauseCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runUnpause(dockerCli *command.DockerCli, opts *unpauseOptions) error {
+func runUnpause(dockerCli command.Cli, opts *unpauseOptions) error {
 	ctx := context.Background()
 
 	var errs []string

components/cli/cli/command/container/update.go

@@ -35,7 +35,7 @@ type updateOptions struct {
 }
 
 // NewUpdateCommand creates a new cobra.Command for `docker update`
-func NewUpdateCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewUpdateCommand(dockerCli command.Cli) *cobra.Command {
 	var options updateOptions
 
 	cmd := &cobra.Command{
@@ -72,7 +72,7 @@ func NewUpdateCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runUpdate(dockerCli *command.DockerCli, options *updateOptions) error {
+func runUpdate(dockerCli command.Cli, options *updateOptions) error {
 	var err error
 
 	if options.nFlag == 0 {

components/cli/cli/command/container/utils.go

@@ -3,17 +3,17 @@ package container
 import (
 	"strconv"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/api/types/versions"
+	"github.com/sirupsen/logrus"
 	"golang.org/x/net/context"
 )
 
-func waitExitOrRemoved(ctx context.Context, dockerCli *command.DockerCli, containerID string, waitRemove bool) <-chan int {
+func waitExitOrRemoved(ctx context.Context, dockerCli command.Cli, containerID string, waitRemove bool) <-chan int {
 	if len(containerID) == 0 {
 		// containerID can never be empty
 		panic("Internal Error: waitExitOrRemoved needs a containerID as parameter")
@@ -47,7 +47,7 @@ func waitExitOrRemoved(ctx context.Context, dockerCli *command.DockerCli, contai
 	return statusC
 }
 
-func legacyWaitExitOrRemoved(ctx context.Context, dockerCli *command.DockerCli, containerID string, waitRemove bool) <-chan int {
+func legacyWaitExitOrRemoved(ctx context.Context, dockerCli command.Cli, containerID string, waitRemove bool) <-chan int {
 	var removeErr error
 	statusChan := make(chan int)
 	exitCode := 125

components/cli/cli/command/container/wait.go

@@ -16,7 +16,7 @@ type waitOptions struct {
 }
 
 // NewWaitCommand creates a new cobra.Command for `docker wait`
-func NewWaitCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewWaitCommand(dockerCli command.Cli) *cobra.Command {
 	var opts waitOptions
 
 	cmd := &cobra.Command{
@@ -32,7 +32,7 @@ func NewWaitCommand(dockerCli *command.DockerCli) *cobra.Command {
 	return cmd
 }
 
-func runWait(dockerCli *command.DockerCli, opts *waitOptions) error {
+func runWait(dockerCli command.Cli, opts *waitOptions) error {
 	ctx := context.Background()
 
 	var errs []string

components/cli/cli/command/events_utils.go

@@ -3,8 +3,8 @@ package command
 import (
 	"sync"
 
-	"github.com/Sirupsen/logrus"
 	eventtypes "github.com/docker/docker/api/types/events"
+	"github.com/sirupsen/logrus"
 )
 
 // EventHandler is abstract interface for user to customize

components/cli/cli/command/formatter/container.go

@@ -10,7 +10,6 @@ import (
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/stringutils"
 	"github.com/docker/go-units"
 )
 
@@ -165,7 +164,7 @@ func (c *containerContext) Image() string {
 func (c *containerContext) Command() string {
 	command := c.c.Command
 	if c.trunc {
-		command = stringutils.Ellipsis(command, 20)
+		command = Ellipsis(command, 20)
 	}
 	return strconv.Quote(command)
 }
@@ -227,7 +226,7 @@ func (c *containerContext) Mounts() string {
 			name = m.Name
 		}
 		if c.trunc {
-			name = stringutils.Ellipsis(name, 15)
+			name = Ellipsis(name, 15)
 		}
 		mounts = append(mounts, name)
 	}

components/cli/cli/command/formatter/container_test.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/stringid"
+	"github.com/gotestyourself/gotestyourself/golden"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -65,7 +66,7 @@ func TestContainerPsContext(t *testing.T) {
 					Source: "/a/path",
 				},
 			},
-		}, true, "this-is-a-lo...", ctx.Mounts},
+		}, true, "this-is-a-long…", ctx.Mounts},
 		{types.Container{
 			Mounts: []types.MountPoint{
 				{
@@ -230,10 +231,7 @@ size: 0B
 		// Special headers for customized table format
 		{
 			Context{Format: NewContainerFormat(`table {{truncate .ID 5}}\t{{json .Image}} {{.RunningFor}}/{{title .Status}}/{{pad .Ports 2 2}}.{{upper .Names}} {{lower .Status}}`, false, true)},
-			`CONTAINER ID        IMAGE CREATED/STATUS/  PORTS  .NAMES STATUS
-conta               "ubuntu" 24 hours ago//.FOOBAR_BAZ 
-conta               "ubuntu" 24 hours ago//.FOOBAR_BAR 
-`,
+			string(golden.Get(t, "container-context-write-special-headers.golden")),
 		},
 	}
 

components/cli/cli/command/formatter/disk_usage.go

@@ -118,11 +118,11 @@ func (ctx *DiskUsageContext) Write() (err error) {
 	return err
 }
 
-func (ctx *DiskUsageContext) verboseWrite() (err error) {
+func (ctx *DiskUsageContext) verboseWrite() error {
 	// First images
 	tmpl, err := ctx.startSubsection(defaultDiskUsageImageTableFormat)
 	if err != nil {
-		return
+		return err
 	}
 
 	ctx.Output.Write([]byte("Images space usage:\n\n"))
@@ -141,14 +141,14 @@ func (ctx *DiskUsageContext) verboseWrite() (err error) {
 			}
 		}
 
-		err = ctx.contextFormat(tmpl, &imageContext{
+		err := ctx.contextFormat(tmpl, &imageContext{
 			repo:  repo,
 			tag:   tag,
 			trunc: true,
 			i:     *i,
 		})
 		if err != nil {
-			return
+			return err
 		}
 	}
 	ctx.postFormat(tmpl, newImageContext())
@@ -157,17 +157,14 @@ func (ctx *DiskUsageContext) verboseWrite() (err error) {
 	ctx.Output.Write([]byte("\nContainers space usage:\n\n"))
 	tmpl, err = ctx.startSubsection(defaultDiskUsageContainerTableFormat)
 	if err != nil {
-		return
+		return err
 	}
 	for _, c := range ctx.Containers {
 		// Don't display the virtual size
 		c.SizeRootFs = 0
-		err = ctx.contextFormat(tmpl, &containerContext{
-			trunc: true,
-			c:     *c,
-		})
+		err := ctx.contextFormat(tmpl, &containerContext{trunc: true, c: *c})
 		if err != nil {
-			return
+			return err
 		}
 	}
 	ctx.postFormat(tmpl, newContainerContext())
@@ -176,21 +173,18 @@ func (ctx *DiskUsageContext) verboseWrite() (err error) {
 	ctx.Output.Write([]byte("\nLocal Volumes space usage:\n\n"))
 	tmpl, err = ctx.startSubsection(defaultDiskUsageVolumeTableFormat)
 	if err != nil {
-		return
+		return err
 	}
 	for _, v := range ctx.Volumes {
-		err = ctx.contextFormat(tmpl, &volumeContext{
-			v: *v,
-		})
-		if err != nil {
-			return
+		if err := ctx.contextFormat(tmpl, &volumeContext{v: *v}); err != nil {
+			return err
 		}
 	}
 	ctx.postFormat(tmpl, newVolumeContext())
 
 	// And build cache
 	fmt.Fprintf(ctx.Output, "\nBuild cache usage: %s\n\n", units.HumanSize(float64(ctx.BuilderSize)))
-	return
+	return nil
 }
 
 type diskUsageImagesContext struct {

components/cli/cli/command/formatter/disk_usage_test.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"testing"
 
+	"github.com/gotestyourself/gotestyourself/golden"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -83,12 +84,7 @@ Build Cache                                                 0B
 					Format: NewDiskUsageFormat("table {{.Type}}\t{{.Active}}"),
 				},
 			},
-			`TYPE                ACTIVE
-Images              0
-Containers          0
-Local Volumes       0
-Build Cache         
-`,
+			string(golden.Get(t, "disk-usage-context-write-custom.golden")),
 		},
 		// Raw Format
 		{
@@ -97,31 +93,7 @@ Build Cache
 					Format: NewDiskUsageFormat("raw"),
 				},
 			},
-			`type: Images
-total: 0
-active: 0
-size: 0B
-reclaimable: 0B
-
-type: Containers
-total: 0
-active: 0
-size: 0B
-reclaimable: 0B
-
-type: Local Volumes
-total: 0
-active: 0
-size: 0B
-reclaimable: 0B
-
-type: Build Cache
-total: 
-active: 
-size: 0B
-reclaimable: 0B
-
-`,
+			string(golden.Get(t, "disk-usage-raw-format.golden")),
 		},
 	}
 

components/cli/cli/command/formatter/displayutils.go

@@ -0,0 +1,61 @@
+package formatter
+
+import (
+	"unicode/utf8"
+
+	"golang.org/x/text/width"
+)
+
+// charWidth returns the number of horizontal positions a character occupies,
+// and is used to account for wide characters when displaying strings.
+//
+// In a broad sense, wide characters include East Asian Wide, East Asian Full-width,
+// (when not in East Asian context) see http://unicode.org/reports/tr11/.
+func charWidth(r rune) int {
+	switch width.LookupRune(r).Kind() {
+	case width.EastAsianWide, width.EastAsianFullwidth:
+		return 2
+	default:
+		return 1
+	}
+}
+
+// Ellipsis truncates a string to fit within maxDisplayWidth, and appends ellipsis (…).
+// For maxDisplayWidth of 1 and lower, no ellipsis is appended.
+// For maxDisplayWidth of 1, first char of string will return even if its width > 1.
+func Ellipsis(s string, maxDisplayWidth int) string {
+	if maxDisplayWidth <= 0 {
+		return ""
+	}
+	rs := []rune(s)
+	if maxDisplayWidth == 1 {
+		return string(rs[0])
+	}
+
+	byteLen := len(s)
+	if byteLen == utf8.RuneCountInString(s) {
+		if byteLen <= maxDisplayWidth {
+			return s
+		}
+		return string(rs[:maxDisplayWidth-1]) + "…"
+	}
+
+	var (
+		display      []int
+		displayWidth int
+	)
+	for _, r := range rs {
+		cw := charWidth(r)
+		displayWidth += cw
+		display = append(display, displayWidth)
+	}
+	if displayWidth <= maxDisplayWidth {
+		return s
+	}
+	for i := range display {
+		if display[i] <= maxDisplayWidth-1 && display[i+1] > maxDisplayWidth-1 {
+			return string(rs[:i+1]) + "…"
+		}
+	}
+	return s
+}

components/cli/cli/command/formatter/displayutils_test.go

@@ -0,0 +1,30 @@
+package formatter
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestEllipsis(t *testing.T) {
+	var testcases = []struct {
+		source   string
+		width    int
+		expected string
+	}{
+		{source: "t🐳ststring", width: 0, expected: ""},
+		{source: "t🐳ststring", width: 1, expected: "t"},
+		{source: "t🐳ststring", width: 2, expected: "t…"},
+		{source: "t🐳ststring", width: 6, expected: "t🐳st…"},
+		{source: "t🐳ststring", width: 20, expected: "t🐳ststring"},
+		{source: "你好世界teststring", width: 0, expected: ""},
+		{source: "你好世界teststring", width: 1, expected: "你"},
+		{source: "你好世界teststring", width: 3, expected: "你…"},
+		{source: "你好世界teststring", width: 6, expected: "你好…"},
+		{source: "你好世界teststring", width: 20, expected: "你好世界teststring"},
+	}
+
+	for _, testcase := range testcases {
+		assert.Equal(t, testcase.expected, Ellipsis(testcase.source, testcase.width))
+	}
+}

components/cli/cli/command/formatter/history.go

@@ -7,7 +7,6 @@ import (
 
 	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/stringutils"
 	units "github.com/docker/go-units"
 )
 
@@ -93,7 +92,7 @@ func (c *historyContext) CreatedSince() string {
 func (c *historyContext) CreatedBy() string {
 	createdBy := strings.Replace(c.h.CreatedBy, "\t", " ", -1)
 	if c.trunc {
-		return stringutils.Ellipsis(createdBy, 45)
+		return Ellipsis(createdBy, 45)
 	}
 	return createdBy
 }

components/cli/cli/command/formatter/history_test.go

@@ -10,7 +10,6 @@ import (
 
 	"github.com/docker/docker/api/types/image"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/stringutils"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -96,7 +95,7 @@ func TestHistoryContext_CreatedBy(t *testing.T) {
 			historyContext{
 				h:     image.HistoryResponseItem{CreatedBy: withTabs},
 				trunc: true,
-			}, stringutils.Ellipsis(expected, 45), ctx.CreatedBy,
+			}, Ellipsis(expected, 45), ctx.CreatedBy,
 		},
 	}
 
@@ -191,7 +190,7 @@ imageID3            24 hours ago        /bin/bash ls
 imageID4            24 hours ago        /bin/bash grep                                                                                                                 183MB               Hi
 `
 	expectedTrunc := `IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
-imageID1            24 hours ago        /bin/bash ls && npm i && npm run test && k...   183MB               Hi
+imageID1            24 hours ago        /bin/bash ls && npm i && npm run test && kar…   183MB               Hi
 imageID2            24 hours ago        /bin/bash echo                                  183MB               Hi
 imageID3            24 hours ago        /bin/bash ls                                    183MB               Hi
 imageID4            24 hours ago        /bin/bash grep                                  183MB               Hi

components/cli/cli/command/formatter/plugin.go

@@ -5,7 +5,6 @@ import (
 
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/stringid"
-	"github.com/docker/docker/pkg/stringutils"
 )
 
 const (
@@ -80,7 +79,7 @@ func (c *pluginContext) Description() string {
 	desc := strings.Replace(c.p.Config.Description, "\n", "", -1)
 	desc = strings.Replace(desc, "\r", "", -1)
 	if c.trunc {
-		desc = stringutils.Ellipsis(desc, 45)
+		desc = Ellipsis(desc, 45)
 	}
 
 	return desc

components/cli/cli/command/formatter/search.go

@@ -5,7 +5,6 @@ import (
 	"strings"
 
 	registry "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/pkg/stringutils"
 )
 
 const (
@@ -73,7 +72,7 @@ func (c *searchContext) Description() string {
 	desc := strings.Replace(c.s.Description, "\n", " ", -1)
 	desc = strings.Replace(desc, "\r", " ", -1)
 	if c.trunc {
-		desc = stringutils.Ellipsis(desc, 45)
+		desc = Ellipsis(desc, 45)
 	}
 	return desc
 }

components/cli/cli/command/formatter/search_test.go

@@ -7,7 +7,7 @@ import (
 	"testing"
 
 	registrytypes "github.com/docker/docker/api/types/registry"
-	"github.com/docker/docker/pkg/stringutils"
+	"github.com/gotestyourself/gotestyourself/golden"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -78,7 +78,7 @@ func TestSearchContextDescription(t *testing.T) {
 		{searchContext{
 			s:     registrytypes.SearchResult{Description: longDescription},
 			trunc: true,
-		}, stringutils.Ellipsis(longDescription, 45), ctx.Description},
+		}, Ellipsis(longDescription, 45), ctx.Description},
 		{searchContext{
 			s:     registrytypes.SearchResult{Description: descriptionWReturns},
 			trunc: false,
@@ -86,7 +86,7 @@ func TestSearchContextDescription(t *testing.T) {
 		{searchContext{
 			s:     registrytypes.SearchResult{Description: descriptionWReturns},
 			trunc: true,
-		}, stringutils.Ellipsis(longDescription, 45), ctx.Description},
+		}, Ellipsis(longDescription, 45), ctx.Description},
 	}
 
 	for _, c := range cases {
@@ -120,10 +120,7 @@ func TestSearchContextWrite(t *testing.T) {
 		// Table format
 		{
 			Context{Format: NewSearchFormat("table")},
-			`NAME                DESCRIPTION         STARS               OFFICIAL            AUTOMATED
-result1             Official build      5000                [OK]                
-result2             Not official        5                                       [OK]
-`,
+			string(golden.Get(t, "search-context-write-table.golden")),
 		},
 		{
 			Context{Format: NewSearchFormat("table {{.Name}}")},
@@ -210,9 +207,7 @@ func TestSearchContextWriteStars(t *testing.T) {
 		// Table format
 		{
 			Context{Format: NewSearchFormat("table")},
-			`NAME                DESCRIPTION         STARS               OFFICIAL            AUTOMATED
-result1             Official build      5000                [OK]                
-`,
+			string(golden.Get(t, "search-context-write-stars-table.golden")),
 		},
 		{
 			Context{Format: NewSearchFormat("table {{.Name}}")},

components/cli/cli/command/formatter/secret.go

@@ -12,19 +12,20 @@ import (
 )
 
 const (
-	defaultSecretTableFormat           = "table {{.ID}}\t{{.Name}}\t{{.CreatedAt}}\t{{.UpdatedAt}}"
+	defaultSecretTableFormat           = "table {{.ID}}\t{{.Name}}\t{{.Driver}}\t{{.CreatedAt}}\t{{.UpdatedAt}}"
 	secretIDHeader                     = "ID"
 	secretCreatedHeader                = "CREATED"
 	secretUpdatedHeader                = "UPDATED"
-	secretInspectPrettyTemplate Format = `ID:			{{.ID}}
-Name:			{{.Name}}
+	secretInspectPrettyTemplate Format = `ID:              {{.ID}}
+Name:              {{.Name}}
 {{- if .Labels }}
 Labels:
 {{- range $k, $v := .Labels }}
  - {{ $k }}{{if $v }}={{ $v }}{{ end }}
 {{- end }}{{ end }}
-Created at:            	{{.CreatedAt}}
-Updated at:            	{{.UpdatedAt}}`
+Driver:            {{.Driver}}
+Created at:        {{.CreatedAt}}
+Updated at:        {{.UpdatedAt}}`
 )
 
 // NewSecretFormat returns a Format for rendering using a secret Context
@@ -61,6 +62,7 @@ func newSecretContext() *secretContext {
 	sCtx.header = map[string]string{
 		"ID":        secretIDHeader,
 		"Name":      nameHeader,
+		"Driver":    driverHeader,
 		"CreatedAt": secretCreatedHeader,
 		"UpdatedAt": secretUpdatedHeader,
 		"Labels":    labelsHeader,
@@ -89,6 +91,13 @@ func (c *secretContext) CreatedAt() string {
 	return units.HumanDuration(time.Now().UTC().Sub(c.s.Meta.CreatedAt)) + " ago"
 }
 
+func (c *secretContext) Driver() string {
+	if c.s.Spec.Driver == nil {
+		return ""
+	}
+	return c.s.Spec.Driver.Name
+}
+
 func (c *secretContext) UpdatedAt() string {
 	return units.HumanDuration(time.Now().UTC().Sub(c.s.Meta.UpdatedAt)) + " ago"
 }
@@ -153,6 +162,13 @@ func (ctx *secretInspectContext) Labels() map[string]string {
 	return ctx.Secret.Spec.Labels
 }
 
+func (ctx *secretInspectContext) Driver() string {
+	if ctx.Secret.Spec.Driver == nil {
+		return ""
+	}
+	return ctx.Secret.Spec.Driver.Name
+}
+
 func (ctx *secretInspectContext) CreatedAt() string {
 	return command.PrettyPrint(ctx.Secret.CreatedAt)
 }

components/cli/cli/command/formatter/secret_test.go

@@ -28,9 +28,9 @@ func TestSecretContextFormatWrite(t *testing.T) {
 		},
 		// Table format
 		{Context{Format: NewSecretFormat("table", false)},
-			`ID                  NAME                CREATED                  UPDATED
-1                   passwords           Less than a second ago   Less than a second ago
-2                   id_rsa              Less than a second ago   Less than a second ago
+			`ID                  NAME                DRIVER              CREATED                  UPDATED
+1                   passwords                               Less than a second ago   Less than a second ago
+2                   id_rsa                                  Less than a second ago   Less than a second ago
 `},
 		{Context{Format: NewSecretFormat("table {{.Name}}", true)},
 			`NAME

components/cli/cli/command/formatter/service.go

@@ -504,7 +504,10 @@ func (c *serviceContext) Replicas() string {
 }
 
 func (c *serviceContext) Image() string {
-	image := c.service.Spec.TaskTemplate.ContainerSpec.Image
+	var image string
+	if c.service.Spec.TaskTemplate.ContainerSpec != nil {
+		image = c.service.Spec.TaskTemplate.ContainerSpec.Image
+	}
 	if ref, err := reference.ParseNormalizedNamed(image); err == nil {
 		// update image string for display, (strips any digest)
 		if nt, ok := ref.(reference.NamedTagged); ok {

components/cli/cli/command/formatter/service_test.go

@@ -8,6 +8,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/gotestyourself/gotestyourself/golden"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -59,21 +60,7 @@ bar
 		// Raw Format
 		{
 			Context{Format: NewServiceListFormat("raw", false)},
-			`id: id_baz
-name: baz
-mode: global
-replicas: 2/4
-image: 
-ports: *:80->8080/tcp
-
-id: id_bar
-name: bar
-mode: replicated
-replicas: 2/4
-image: 
-ports: *:80->8080/tcp
-
-`,
+			string(golden.Get(t, "service-context-write-raw.golden")),
 		},
 		{
 			Context{Format: NewServiceListFormat("raw", true)},

components/cli/cli/command/formatter/stats.go

@@ -4,13 +4,14 @@ import (
 	"fmt"
 	"sync"
 
+	"github.com/docker/docker/pkg/stringid"
 	units "github.com/docker/go-units"
 )
 
 const (
 	winOSType                  = "windows"
-	defaultStatsTableFormat    = "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.MemPerc}}\t{{.NetIO}}\t{{.BlockIO}}\t{{.PIDs}}"
-	winDefaultStatsTableFormat = "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}"
+	defaultStatsTableFormat    = "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.MemPerc}}\t{{.NetIO}}\t{{.BlockIO}}\t{{.PIDs}}"
+	winDefaultStatsTableFormat = "table {{.ID}}\t{{.Name}}\t{{.CPUPerc}}\t{{.MemUsage}}\t{{.NetIO}}\t{{.BlockIO}}"
 
 	containerHeader = "CONTAINER"
 	cpuPercHeader   = "CPU %"
@@ -114,12 +115,13 @@ func NewContainerStats(container string) *ContainerStats {
 }
 
 // ContainerStatsWrite renders the context for a list of containers statistics
-func ContainerStatsWrite(ctx Context, containerStats []StatsEntry, osType string) error {
+func ContainerStatsWrite(ctx Context, containerStats []StatsEntry, osType string, trunc bool) error {
 	render := func(format func(subContext subContext) error) error {
 		for _, cstats := range containerStats {
 			containerStatsCtx := &containerStatsContext{
-				s:  cstats,
-				os: osType,
+				s:     cstats,
+				os:    osType,
+				trunc: trunc,
 			}
 			if err := format(containerStatsCtx); err != nil {
 				return err
@@ -149,8 +151,9 @@ func ContainerStatsWrite(ctx Context, containerStats []StatsEntry, osType string
 
 type containerStatsContext struct {
 	HeaderContext
-	s  StatsEntry
-	os string
+	s     StatsEntry
+	os    string
+	trunc bool
 }
 
 func (c *containerStatsContext) MarshalJSON() ([]byte, error) {
@@ -169,6 +172,9 @@ func (c *containerStatsContext) Name() string {
 }
 
 func (c *containerStatsContext) ID() string {
+	if c.trunc {
+		return stringid.TruncateID(c.s.ID)
+	}
 	return c.s.ID
 }
 

components/cli/cli/command/formatter/stats_test.go

@@ -114,7 +114,7 @@ container2  --
 		}
 		var out bytes.Buffer
 		te.context.Output = &out
-		err := ContainerStatsWrite(te.context, stats, "linux")
+		err := ContainerStatsWrite(te.context, stats, "linux", false)
 		if err != nil {
 			assert.EqualError(t, err, te.expected)
 		} else {
@@ -180,7 +180,7 @@ container2  --  --
 		}
 		var out bytes.Buffer
 		te.context.Output = &out
-		err := ContainerStatsWrite(te.context, stats, "windows")
+		err := ContainerStatsWrite(te.context, stats, "windows", false)
 		if err != nil {
 			assert.EqualError(t, err, te.expected)
 		} else {
@@ -220,7 +220,7 @@ func TestContainerStatsContextWriteWithNoStats(t *testing.T) {
 	}
 
 	for _, context := range contexts {
-		ContainerStatsWrite(context.context, []StatsEntry{}, "linux")
+		ContainerStatsWrite(context.context, []StatsEntry{}, "linux", false)
 		assert.Equal(t, context.expected, out.String())
 		// Clean buffer
 		out.Reset()
@@ -258,7 +258,41 @@ func TestContainerStatsContextWriteWithNoStatsWindows(t *testing.T) {
 	}
 
 	for _, context := range contexts {
-		ContainerStatsWrite(context.context, []StatsEntry{}, "windows")
+		ContainerStatsWrite(context.context, []StatsEntry{}, "windows", false)
+		assert.Equal(t, context.expected, out.String())
+		// Clean buffer
+		out.Reset()
+	}
+}
+
+func TestContainerStatsContextWriteTrunc(t *testing.T) {
+	var out bytes.Buffer
+
+	contexts := []struct {
+		context  Context
+		trunc    bool
+		expected string
+	}{
+		{
+			Context{
+				Format: "{{.ID}}",
+				Output: &out,
+			},
+			false,
+			"b95a83497c9161c9b444e3d70e1a9dfba0c1840d41720e146a95a08ebf938afc\n",
+		},
+		{
+			Context{
+				Format: "{{.ID}}",
+				Output: &out,
+			},
+			true,
+			"b95a83497c91\n",
+		},
+	}
+
+	for _, context := range contexts {
+		ContainerStatsWrite(context.context, []StatsEntry{{ID: "b95a83497c9161c9b444e3d70e1a9dfba0c1840d41720e146a95a08ebf938afc"}}, "linux", context.trunc)
 		assert.Equal(t, context.expected, out.String())
 		// Clean buffer
 		out.Reset()

components/cli/cli/command/formatter/task_test.go

@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	"github.com/docker/docker/api/types/swarm"
+	"github.com/gotestyourself/gotestyourself/golden"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -33,10 +34,7 @@ taskID2
 		},
 		{
 			Context{Format: NewTaskFormat("table {{.Name}}\t{{.Node}}\t{{.Ports}}", false)},
-			`NAME                NODE                PORTS
-foobar_baz          foo1                
-foobar_bar          foo2                
-`,
+			string(golden.Get(t, "task-context-write-table-custom.golden")),
 		},
 		{
 			Context{Format: NewTaskFormat("table {{.Name}}", true)},

components/cli/cli/command/formatter/testdata/container-context-write-special-headers.golden

@@ -0,0 +1,3 @@
+CONTAINER ID        IMAGE CREATED/STATUS/  PORTS  .NAMES STATUS
+conta               "ubuntu" 24 hours ago//.FOOBAR_BAZ 
+conta               "ubuntu" 24 hours ago//.FOOBAR_BAR 

components/cli/cli/command/formatter/testdata/disk-usage-context-write-custom.golden

@@ -0,0 +1,5 @@
+TYPE                ACTIVE
+Images              0
+Containers          0
+Local Volumes       0
+Build Cache         

components/cli/cli/command/formatter/testdata/disk-usage-raw-format.golden

@@ -0,0 +1,24 @@
+type: Images
+total: 0
+active: 0
+size: 0B
+reclaimable: 0B
+
+type: Containers
+total: 0
+active: 0
+size: 0B
+reclaimable: 0B
+
+type: Local Volumes
+total: 0
+active: 0
+size: 0B
+reclaimable: 0B
+
+type: Build Cache
+total: 
+active: 
+size: 0B
+reclaimable: 0B
+

components/cli/cli/command/formatter/testdata/search-context-write-stars-table.golden

@@ -0,0 +1,2 @@
+NAME                DESCRIPTION         STARS               OFFICIAL            AUTOMATED
+result1             Official build      5000                [OK]                

components/cli/cli/command/formatter/testdata/search-context-write-table.golden

@@ -0,0 +1,3 @@
+NAME                DESCRIPTION         STARS               OFFICIAL            AUTOMATED
+result1             Official build      5000                [OK]                
+result2             Not official        5                                       [OK]

components/cli/cli/command/formatter/testdata/service-context-write-raw.golden

@@ -0,0 +1,14 @@
+id: id_baz
+name: baz
+mode: global
+replicas: 2/4
+image: 
+ports: *:80->8080/tcp
+
+id: id_bar
+name: bar
+mode: replicated
+replicas: 2/4
+image: 
+ports: *:80->8080/tcp
+

components/cli/cli/command/formatter/testdata/task-context-write-table-custom.golden

@@ -0,0 +1,3 @@
+NAME                NODE                PORTS
+foobar_baz          foo1                
+foobar_bar          foo2                

components/cli/cli/command/formatter/trust.go

@@ -0,0 +1,150 @@
+package formatter
+
+import (
+	"sort"
+	"strings"
+
+	"github.com/docker/docker/pkg/stringid"
+)
+
+const (
+	defaultTrustTagTableFormat   = "table {{.SignedTag}}\t{{.Digest}}\t{{.Signers}}"
+	signedTagNameHeader          = "SIGNED TAG"
+	trustedDigestHeader          = "DIGEST"
+	signersHeader                = "SIGNERS"
+	defaultSignerInfoTableFormat = "table {{.Signer}}\t{{.Keys}}"
+	signerNameHeader             = "SIGNER"
+	keysHeader                   = "KEYS"
+)
+
+// SignedTagInfo represents all formatted information needed to describe a signed tag:
+// Name: name of the signed tag
+// Digest: hex encoded digest of the contents
+// Signers: list of entities who signed the tag
+type SignedTagInfo struct {
+	Name    string
+	Digest  string
+	Signers []string
+}
+
+// SignerInfo represents all formatted information needed to describe a signer:
+// Name: name of the signer role
+// Keys: the keys associated with the signer
+type SignerInfo struct {
+	Name string
+	Keys []string
+}
+
+// NewTrustTagFormat returns a Format for rendering using a trusted tag Context
+func NewTrustTagFormat() Format {
+	return defaultTrustTagTableFormat
+}
+
+// NewSignerInfoFormat returns a Format for rendering a signer role info Context
+func NewSignerInfoFormat() Format {
+	return defaultSignerInfoTableFormat
+}
+
+// TrustTagWrite writes the context
+func TrustTagWrite(ctx Context, signedTagInfoList []SignedTagInfo) error {
+	render := func(format func(subContext subContext) error) error {
+		for _, signedTag := range signedTagInfoList {
+			if err := format(&trustTagContext{s: signedTag}); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+	trustTagCtx := trustTagContext{}
+	trustTagCtx.header = trustTagHeaderContext{
+		"SignedTag": signedTagNameHeader,
+		"Digest":    trustedDigestHeader,
+		"Signers":   signersHeader,
+	}
+	return ctx.Write(&trustTagCtx, render)
+}
+
+type trustTagHeaderContext map[string]string
+
+type trustTagContext struct {
+	HeaderContext
+	s SignedTagInfo
+}
+
+// SignedTag returns the name of the signed tag
+func (c *trustTagContext) SignedTag() string {
+	return c.s.Name
+}
+
+// Digest returns the hex encoded digest associated with this signed tag
+func (c *trustTagContext) Digest() string {
+	return c.s.Digest
+}
+
+// Signers returns the sorted list of entities who signed this tag
+func (c *trustTagContext) Signers() string {
+	sort.Strings(c.s.Signers)
+	return strings.Join(c.s.Signers, ", ")
+}
+
+// SignerInfoWrite writes the context
+func SignerInfoWrite(ctx Context, signerInfoList []SignerInfo) error {
+	render := func(format func(subContext subContext) error) error {
+		for _, signerInfo := range signerInfoList {
+			if err := format(&signerInfoContext{
+				trunc: ctx.Trunc,
+				s:     signerInfo,
+			}); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+	signerInfoCtx := signerInfoContext{}
+	signerInfoCtx.header = signerInfoHeaderContext{
+		"Signer": signerNameHeader,
+		"Keys":   keysHeader,
+	}
+	return ctx.Write(&signerInfoCtx, render)
+}
+
+type signerInfoHeaderContext map[string]string
+
+type signerInfoContext struct {
+	HeaderContext
+	trunc bool
+	s     SignerInfo
+}
+
+// Keys returns the sorted list of keys associated with the signer
+func (c *signerInfoContext) Keys() string {
+	sort.Strings(c.s.Keys)
+	truncatedKeys := []string{}
+	if c.trunc {
+		for _, keyID := range c.s.Keys {
+			truncatedKeys = append(truncatedKeys, stringid.TruncateID(keyID))
+		}
+		return strings.Join(truncatedKeys, ", ")
+	}
+	return strings.Join(c.s.Keys, ", ")
+}
+
+// Signer returns the name of the signer
+func (c *signerInfoContext) Signer() string {
+	return c.s.Name
+}
+
+// SignerInfoList helps sort []SignerInfo by signer names
+type SignerInfoList []SignerInfo
+
+func (signerInfoComp SignerInfoList) Len() int {
+	return len(signerInfoComp)
+}
+
+func (signerInfoComp SignerInfoList) Less(i, j int) bool {
+	return signerInfoComp[i].Name < signerInfoComp[j].Name
+}
+
+func (signerInfoComp SignerInfoList) Swap(i, j int) {
+	signerInfoComp[i], signerInfoComp[j] = signerInfoComp[j], signerInfoComp[i]
+}

components/cli/cli/command/formatter/trust_test.go

@@ -0,0 +1,238 @@
+package formatter
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/docker/docker/pkg/stringid"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestTrustTag(t *testing.T) {
+	digest := stringid.GenerateRandomID()
+	trustedTag := "tag"
+
+	var ctx trustTagContext
+
+	cases := []struct {
+		trustTagCtx trustTagContext
+		expValue    string
+		call        func() string
+	}{
+		{
+			trustTagContext{
+				s: SignedTagInfo{Name: trustedTag,
+					Digest:  digest,
+					Signers: nil,
+				},
+			},
+			digest,
+			ctx.Digest,
+		},
+		{
+			trustTagContext{
+				s: SignedTagInfo{Name: trustedTag,
+					Digest:  digest,
+					Signers: nil,
+				},
+			},
+			trustedTag,
+			ctx.SignedTag,
+		},
+		// Empty signers makes a row with empty string
+		{
+			trustTagContext{
+				s: SignedTagInfo{Name: trustedTag,
+					Digest:  digest,
+					Signers: nil,
+				},
+			},
+			"",
+			ctx.Signers,
+		},
+		{
+			trustTagContext{
+				s: SignedTagInfo{Name: trustedTag,
+					Digest:  digest,
+					Signers: []string{"alice", "bob", "claire"},
+				},
+			},
+			"alice, bob, claire",
+			ctx.Signers,
+		},
+		// alphabetic signing on Signers
+		{
+			trustTagContext{
+				s: SignedTagInfo{Name: trustedTag,
+					Digest:  digest,
+					Signers: []string{"claire", "bob", "alice"},
+				},
+			},
+			"alice, bob, claire",
+			ctx.Signers,
+		},
+	}
+
+	for _, c := range cases {
+		ctx = c.trustTagCtx
+		v := c.call()
+		if v != c.expValue {
+			t.Fatalf("Expected %s, was %s\n", c.expValue, v)
+		}
+	}
+}
+
+func TestTrustTagContextWrite(t *testing.T) {
+
+	cases := []struct {
+		context  Context
+		expected string
+	}{
+		// Errors
+		{
+			Context{
+				Format: "{{InvalidFunction}}",
+			},
+			`Template parsing error: template: :1: function "InvalidFunction" not defined
+`,
+		},
+		{
+			Context{
+				Format: "{{nil}}",
+			},
+			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
+`,
+		},
+		// Table Format
+		{
+			Context{
+				Format: NewTrustTagFormat(),
+			},
+			`SIGNED TAG          DIGEST              SIGNERS
+tag1                deadbeef            alice
+tag2                aaaaaaaa            alice, bob
+tag3                bbbbbbbb            
+`,
+		},
+	}
+
+	for _, testcase := range cases {
+		signedTags := []SignedTagInfo{
+			{Name: "tag1", Digest: "deadbeef", Signers: []string{"alice"}},
+			{Name: "tag2", Digest: "aaaaaaaa", Signers: []string{"alice", "bob"}},
+			{Name: "tag3", Digest: "bbbbbbbb", Signers: []string{}},
+		}
+		out := bytes.NewBufferString("")
+		testcase.context.Output = out
+		err := TrustTagWrite(testcase.context, signedTags)
+		if err != nil {
+			assert.EqualError(t, err, testcase.expected)
+		} else {
+			assert.Equal(t, testcase.expected, out.String())
+		}
+	}
+}
+
+// With no trust data, the TrustTagWrite will print an empty table:
+// it's up to the caller to decide whether or not to print this versus an error
+func TestTrustTagContextEmptyWrite(t *testing.T) {
+
+	emptyCase := struct {
+		context  Context
+		expected string
+	}{
+		Context{
+			Format: NewTrustTagFormat(),
+		},
+		`SIGNED TAG          DIGEST              SIGNERS
+`,
+	}
+
+	emptySignedTags := []SignedTagInfo{}
+	out := bytes.NewBufferString("")
+	emptyCase.context.Output = out
+	err := TrustTagWrite(emptyCase.context, emptySignedTags)
+	assert.NoError(t, err)
+	assert.Equal(t, emptyCase.expected, out.String())
+}
+
+func TestSignerInfoContextEmptyWrite(t *testing.T) {
+	emptyCase := struct {
+		context  Context
+		expected string
+	}{
+		Context{
+			Format: NewSignerInfoFormat(),
+		},
+		`SIGNER              KEYS
+`,
+	}
+	emptySignerInfo := []SignerInfo{}
+	out := bytes.NewBufferString("")
+	emptyCase.context.Output = out
+	err := SignerInfoWrite(emptyCase.context, emptySignerInfo)
+	assert.NoError(t, err)
+	assert.Equal(t, emptyCase.expected, out.String())
+}
+
+func TestSignerInfoContextWrite(t *testing.T) {
+	cases := []struct {
+		context  Context
+		expected string
+	}{
+		// Errors
+		{
+			Context{
+				Format: "{{InvalidFunction}}",
+			},
+			`Template parsing error: template: :1: function "InvalidFunction" not defined
+`,
+		},
+		{
+			Context{
+				Format: "{{nil}}",
+			},
+			`Template parsing error: template: :1:2: executing "" at <nil>: nil is not a command
+`,
+		},
+		// Table Format
+		{
+			Context{
+				Format: NewSignerInfoFormat(),
+				Trunc:  true,
+			},
+			`SIGNER              KEYS
+alice               key11, key12
+bob                 key21
+eve                 foobarbazqux, key31, key32
+`,
+		},
+		// No truncation
+		{
+			Context{
+				Format: NewSignerInfoFormat(),
+			},
+			`SIGNER              KEYS
+alice               key11, key12
+bob                 key21
+eve                 foobarbazquxquux, key31, key32
+`,
+		},
+	}
+
+	for _, testcase := range cases {
+		signerInfo := SignerInfoList{
+			{Name: "alice", Keys: []string{"key11", "key12"}},
+			{Name: "bob", Keys: []string{"key21"}},
+			{Name: "eve", Keys: []string{"key31", "key32", "foobarbazquxquux"}},
+		}
+		out := bytes.NewBufferString("")
+		testcase.context.Output = out
+		err := SignerInfoWrite(testcase.context, signerInfo)
+		if err != nil {
+			assert.EqualError(t, err, testcase.expected)
+		} else {
+			assert.Equal(t, testcase.expected, out.String())
+		}
+	}
+}

components/cli/cli/command/image/build.go

@@ -12,7 +12,6 @@ import (
 	"regexp"
 	"runtime"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/command/image/build"
@@ -22,12 +21,14 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/docker/docker/pkg/idtools"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/pkg/progress"
 	"github.com/docker/docker/pkg/streamformatter"
 	"github.com/docker/docker/pkg/urlutil"
 	units "github.com/docker/go-units"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"golang.org/x/net/context"
 )
@@ -243,6 +244,7 @@ func runBuild(dockerCli command.Cli, options buildOptions) error {
 		excludes = build.TrimBuildFilesFromExcludes(excludes, relDockerfile, options.dockerfileFromStdin())
 		buildCtx, err = archive.TarWithOptions(contextDir, &archive.TarOptions{
 			ExcludePatterns: excludes,
+			ChownOpts:       &idtools.IDPair{UID: 0, GID: 0},
 		})
 		if err != nil {
 			return err
@@ -376,13 +378,13 @@ func runBuild(dockerCli command.Cli, options buildOptions) error {
 
 	if s != nil {
 		go func() {
-			logrus.Debugf("running session: %v", s.UUID())
+			logrus.Debugf("running session: %v", s.ID())
 			if err := s.Run(ctx, dockerCli.Client().DialSession); err != nil {
 				logrus.Error(err)
 				cancel() // cancel progress context
 			}
 		}()
-		buildOptions.SessionID = s.UUID()
+		buildOptions.SessionID = s.ID()
 	}
 
 	response, err := dockerCli.Client().ImageBuild(ctx, body, buildOptions)

components/cli/cli/command/image/build_session.go

@@ -17,9 +17,9 @@ import (
 	"github.com/docker/cli/cli/command/image/build"
 	cliconfig "github.com/docker/cli/cli/config"
 	"github.com/docker/docker/api/types/versions"
-	"github.com/docker/docker/client/session"
-	"github.com/docker/docker/client/session/filesync"
 	"github.com/docker/docker/pkg/progress"
+	"github.com/moby/buildkit/session"
+	"github.com/moby/buildkit/session/filesync"
 	"github.com/pkg/errors"
 	"golang.org/x/time/rate"
 )
@@ -53,7 +53,9 @@ func addDirToSession(session *session.Session, contextDir string, progressOutput
 
 	p := &sizeProgress{out: progressOutput, action: "Streaming build context to Docker daemon"}
 
-	workdirProvider := filesync.NewFSSyncProvider(contextDir, excludes)
+	workdirProvider := filesync.NewFSSyncProvider([]filesync.SyncedDir{
+		{Dir: contextDir, Excludes: excludes},
+	})
 	session.Allow(workdirProvider)
 
 	// this will be replaced on parallel build jobs. keep the current
@@ -126,18 +128,18 @@ func getBuildSharedKey(dir string) (string, error) {
 	return hex.EncodeToString(s[:]), nil
 }
 
-func tryNodeIdentifier() (out string) {
-	out = cliconfig.Dir() // return config dir as default on permission error
+func tryNodeIdentifier() string {
+	out := cliconfig.Dir() // return config dir as default on permission error
 	if err := os.MkdirAll(cliconfig.Dir(), 0700); err == nil {
 		sessionFile := filepath.Join(cliconfig.Dir(), ".buildNodeID")
 		if _, err := os.Lstat(sessionFile); err != nil {
 			if os.IsNotExist(err) { // create a new file with stored randomness
 				b := make([]byte, 32)
 				if _, err := rand.Read(b); err != nil {
-					return
+					return out
 				}
 				if err := ioutil.WriteFile(sessionFile, []byte(hex.EncodeToString(b)), 0600); err != nil {
-					return
+					return out
 				}
 			}
 		}
@@ -147,5 +149,5 @@ func tryNodeIdentifier() (out string) {
 			return string(dt)
 		}
 	}
-	return
+	return out
 }

components/cli/cli/command/image/build_test.go

@@ -6,18 +6,57 @@ import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"runtime"
 	"sort"
+	"syscall"
 	"testing"
 
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/archive"
+	"github.com/gotestyourself/gotestyourself/fs"
+	"github.com/gotestyourself/gotestyourself/skip"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/net/context"
 )
 
+func TestRunBuildResetsUidAndGidInContext(t *testing.T) {
+	skip.IfCondition(t, runtime.GOOS == "windows", "uid and gid not relevant on windows")
+	dest := fs.NewDir(t, "test-build-context-dest")
+	defer dest.Remove()
+
+	fakeImageBuild := func(_ context.Context, context io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) {
+		assert.NoError(t, archive.Untar(context, dest.Path(), nil))
+
+		body := new(bytes.Buffer)
+		return types.ImageBuildResponse{Body: ioutil.NopCloser(body)}, nil
+	}
+	cli := test.NewFakeCli(&fakeClient{imageBuildFunc: fakeImageBuild})
+
+	dir := fs.NewDir(t, "test-build-context",
+		fs.WithFile("foo", "some content", fs.AsUser(65534, 65534)),
+		fs.WithFile("Dockerfile", `
+			FROM alpine:3.6
+			COPY foo bar /
+		`),
+	)
+	defer dir.Remove()
+
+	options := newBuildOptions()
+	options.context = dir.Path()
+
+	err := runBuild(cli, options)
+	require.NoError(t, err)
+
+	files, err := ioutil.ReadDir(dest.Path())
+	require.NoError(t, err)
+	for _, fileInfo := range files {
+		assert.Equal(t, uint32(0), fileInfo.Sys().(*syscall.Stat_t).Uid)
+		assert.Equal(t, uint32(0), fileInfo.Sys().(*syscall.Stat_t).Gid)
+	}
+}
 func TestRunBuildDockerfileFromStdinWithCompress(t *testing.T) {
 	dest, err := ioutil.TempDir("", "test-build-compress-dest")
 	require.NoError(t, err)

components/cli/cli/command/image/prune.go

@@ -37,7 +37,7 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {
 			fmt.Fprintln(dockerCli.Out(), "Total reclaimed space:", units.HumanSize(float64(spaceReclaimed)))
 			return nil
 		},
-		Tags: map[string]string{"version": "1.25"},
+		Annotations: map[string]string{"version": "1.25"},
 	}
 
 	flags := cmd.Flags()
@@ -65,12 +65,12 @@ func runPrune(dockerCli command.Cli, options pruneOptions) (spaceReclaimed uint6
 		warning = allImageWarning
 	}
 	if !options.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
-		return
+		return 0, "", nil
 	}
 
 	report, err := dockerCli.Client().ImagesPrune(context.Background(), pruneFilters)
 	if err != nil {
-		return
+		return 0, "", err
 	}
 
 	if len(report.ImagesDeleted) > 0 {
@@ -85,7 +85,7 @@ func runPrune(dockerCli command.Cli, options pruneOptions) (spaceReclaimed uint6
 		spaceReclaimed = report.SpaceReclaimed
 	}
 
-	return
+	return spaceReclaimed, output, nil
 }
 
 // RunPrune calls the Image Prune API

components/cli/cli/command/image/pull.go

@@ -6,8 +6,8 @@ import (
 
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/cli/command"
+	"github.com/docker/cli/cli/trust"
 	"github.com/docker/distribution/reference"
-	"github.com/docker/docker/registry"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"golang.org/x/net/context"
@@ -40,39 +40,32 @@ func NewPullCommand(dockerCli command.Cli) *cobra.Command {
 	return cmd
 }
 
-func runPull(dockerCli command.Cli, opts pullOptions) error {
+func runPull(cli command.Cli, opts pullOptions) error {
 	distributionRef, err := reference.ParseNormalizedNamed(opts.remote)
-	if err != nil {
+	switch {
+	case err != nil:
 		return err
-	}
-	if opts.all && !reference.IsNameOnly(distributionRef) {
+	case opts.all && !reference.IsNameOnly(distributionRef):
 		return errors.New("tag can't be used with --all-tags/-a")
-	}
-
-	if !opts.all && reference.IsNameOnly(distributionRef) {
+	case !opts.all && reference.IsNameOnly(distributionRef):
 		distributionRef = reference.TagNameOnly(distributionRef)
 		if tagged, ok := distributionRef.(reference.Tagged); ok {
-			fmt.Fprintf(dockerCli.Out(), "Using default tag: %s\n", tagged.Tag())
+			fmt.Fprintf(cli.Out(), "Using default tag: %s\n", tagged.Tag())
 		}
 	}
 
-	// Resolve the Repository name from fqn to RepositoryInfo
-	repoInfo, err := registry.ParseRepositoryInfo(distributionRef)
+	ctx := context.Background()
+	imgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), distributionRef.String())
 	if err != nil {
 		return err
 	}
 
-	ctx := context.Background()
-
-	authConfig := command.ResolveAuthConfig(ctx, dockerCli, repoInfo.Index)
-	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, repoInfo.Index, "pull")
-
 	// Check if reference has a digest
 	_, isCanonical := distributionRef.(reference.Canonical)
 	if command.IsTrusted() && !isCanonical {
-		err = trustedPull(ctx, dockerCli, repoInfo, distributionRef, authConfig, requestPrivilege)
+		err = trustedPull(ctx, cli, imgRefAndAuth)
 	} else {
-		err = imagePullPrivileged(ctx, dockerCli, authConfig, reference.FamiliarString(distributionRef), requestPrivilege, opts.all)
+		err = imagePullPrivileged(ctx, cli, imgRefAndAuth, opts.all)
 	}
 	if err != nil {
 		if strings.Contains(err.Error(), "when fetching 'plugin'") {
@@ -80,6 +73,5 @@ func runPull(dockerCli command.Cli, opts pullOptions) error {
 		}
 		return err
 	}
-
 	return nil
 }

components/cli/cli/command/image/pull_test.go

@@ -2,11 +2,14 @@ package image
 
 import (
 	"fmt"
+	"io"
 	"io/ioutil"
+	"strings"
 	"testing"
 
 	"github.com/docker/cli/internal/test"
 	"github.com/docker/cli/internal/test/testutil"
+	"github.com/docker/docker/api/types"
 	"github.com/gotestyourself/gotestyourself/golden"
 	"github.com/stretchr/testify/assert"
 )
@@ -32,11 +35,6 @@ func TestNewPullCommandErrors(t *testing.T) {
 			expectedError: "tag can't be used with --all-tags/-a",
 			args:          []string{"--all-tags", "image:tag"},
 		},
-		{
-			name:          "pull-error",
-			args:          []string{"--disable-content-trust=false", "image:tag"},
-			expectedError: "you are not authorized to perform this operation: server returned 401.",
-		},
 	}
 	for _, tc := range testCases {
 		cli := test.NewFakeCli(&fakeClient{})
@@ -49,20 +47,28 @@ func TestNewPullCommandErrors(t *testing.T) {
 
 func TestNewPullCommandSuccess(t *testing.T) {
 	testCases := []struct {
-		name string
-		args []string
+		name        string
+		args        []string
+		expectedTag string
 	}{
 		{
-			name: "simple",
-			args: []string{"image:tag"},
+			name:        "simple",
+			args:        []string{"image:tag"},
+			expectedTag: "image:tag",
 		},
 		{
-			name: "simple-no-tag",
-			args: []string{"image"},
+			name:        "simple-no-tag",
+			args:        []string{"image"},
+			expectedTag: "image:latest",
 		},
 	}
 	for _, tc := range testCases {
-		cli := test.NewFakeCli(&fakeClient{})
+		cli := test.NewFakeCli(&fakeClient{
+			imagePullFunc: func(ref string, options types.ImagePullOptions) (io.ReadCloser, error) {
+				assert.Equal(t, tc.expectedTag, ref, tc.name)
+				return ioutil.NopCloser(strings.NewReader("")), nil
+			},
+		})
 		cmd := NewPullCommand(cli)
 		cmd.SetOutput(ioutil.Discard)
 		cmd.SetArgs(tc.args)

components/cli/cli/command/image/push.go

@@ -48,7 +48,7 @@ func runPush(dockerCli command.Cli, remote string) error {
 	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(dockerCli, repoInfo.Index, "push")
 
 	if command.IsTrusted() {
-		return trustedPush(ctx, dockerCli, repoInfo, ref, authConfig, requestPrivilege)
+		return TrustedPush(ctx, dockerCli, repoInfo, ref, authConfig, requestPrivilege)
 	}
 
 	responseBody, err := imagePushPrivileged(ctx, dockerCli, authConfig, ref, requestPrivilege)

components/cli/cli/command/image/trust.go

@@ -5,20 +5,20 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
-	"path"
 	"sort"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/cli/cli/command"
 	"github.com/docker/cli/cli/trust"
 	"github.com/docker/distribution/reference"
 	"github.com/docker/docker/api/types"
+	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/pkg/jsonmessage"
 	"github.com/docker/docker/registry"
-	"github.com/docker/notary/client"
-	"github.com/docker/notary/tuf/data"
-	"github.com/opencontainers/go-digest"
+	digest "github.com/opencontainers/go-digest"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/tuf/data"
 	"golang.org/x/net/context"
 )
 
@@ -28,8 +28,8 @@ type target struct {
 	size   int64
 }
 
-// trustedPush handles content trust pushing of an image
-func trustedPush(ctx context.Context, cli command.Cli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, requestPrivilege types.RequestPrivilegeFunc) error {
+// TrustedPush handles content trust pushing of an image
+func TrustedPush(ctx context.Context, cli command.Cli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, requestPrivilege types.RequestPrivilegeFunc) error {
 	responseBody, err := imagePushPrivileged(ctx, cli, authConfig, ref, requestPrivilege)
 	if err != nil {
 		return err
@@ -84,7 +84,7 @@ func PushTrustedReference(streams command.Streams, repoInfo *registry.Repository
 		if err := jsonmessage.DisplayJSONMessagesToStream(in, streams.Out(), nil); err != nil {
 			return err
 		}
-		fmt.Fprintln(streams.Out(), "No tag specified, skipping trust metadata push")
+		fmt.Fprintln(streams.Err(), "No tag specified, skipping trust metadata push")
 		return nil
 	}
 
@@ -97,31 +97,29 @@ func PushTrustedReference(streams command.Streams, repoInfo *registry.Repository
 	}
 
 	if target == nil {
-		fmt.Fprintln(streams.Out(), "No targets found, please provide a specific tag in order to sign it")
-		return nil
+		return errors.Errorf("no targets found, please provide a specific tag in order to sign it")
 	}
 
 	fmt.Fprintln(streams.Out(), "Signing and pushing trust metadata")
 
-	repo, err := trust.GetNotaryRepository(streams, repoInfo, authConfig, "push", "pull")
+	repo, err := trust.GetNotaryRepository(streams.In(), streams.Out(), command.UserAgent(), repoInfo, &authConfig, "push", "pull")
 	if err != nil {
-		fmt.Fprintf(streams.Out(), "Error establishing connection to notary repository: %s\n", err)
-		return err
+		return errors.Wrap(err, "error establishing connection to trust repository")
 	}
 
 	// get the latest repository metadata so we can figure out which roles to sign
-	err = repo.Update(false)
+	_, err = repo.ListTargets()
 
 	switch err.(type) {
 	case client.ErrRepoNotInitialized, client.ErrRepositoryNotExist:
-		keys := repo.CryptoService.ListKeys(data.CanonicalRootRole)
+		keys := repo.GetCryptoService().ListKeys(data.CanonicalRootRole)
 		var rootKeyID string
 		// always select the first root key
 		if len(keys) > 0 {
 			sort.Strings(keys)
 			rootKeyID = keys[0]
 		} else {
-			rootPublicKey, err := repo.CryptoService.Create(data.CanonicalRootRole, "", data.ECDSAKey)
+			rootPublicKey, err := repo.GetCryptoService().Create(data.CanonicalRootRole, "", data.ECDSAKey)
 			if err != nil {
 				return err
 			}
@@ -136,7 +134,7 @@ func PushTrustedReference(streams command.Streams, repoInfo *registry.Repository
 		err = repo.AddTarget(target, data.CanonicalTargetsRole)
 	case nil:
 		// already initialized and we have successfully downloaded the latest metadata
-		err = addTargetToAllSignableRoles(repo, target)
+		err = AddTargetToAllSignableRoles(repo, target)
 	default:
 		return trust.NotaryError(repoInfo.Name.Name(), err)
 	}
@@ -146,59 +144,24 @@ func PushTrustedReference(streams command.Streams, repoInfo *registry.Repository
 	}
 
 	if err != nil {
-		fmt.Fprintf(streams.Out(), "Failed to sign %q:%s - %s\n", repoInfo.Name.Name(), tag, err.Error())
+		err = errors.Wrapf(err, "failed to sign %s:%s", repoInfo.Name.Name(), tag)
 		return trust.NotaryError(repoInfo.Name.Name(), err)
 	}
 
-	fmt.Fprintf(streams.Out(), "Successfully signed %q:%s\n", repoInfo.Name.Name(), tag)
+	fmt.Fprintf(streams.Out(), "Successfully signed %s:%s\n", repoInfo.Name.Name(), tag)
 	return nil
 }
 
-// Attempt to add the image target to all the top level delegation roles we can
+// AddTargetToAllSignableRoles attempts to add the image target to all the top level delegation roles we can
 // (based on whether we have the signing key and whether the role's path allows
 // us to).
 // If there are no delegation roles, we add to the targets role.
-func addTargetToAllSignableRoles(repo *client.NotaryRepository, target *client.Target) error {
-	var signableRoles []string
-
-	// translate the full key names, which includes the GUN, into just the key IDs
-	allCanonicalKeyIDs := make(map[string]struct{})
-	for fullKeyID := range repo.CryptoService.ListAllKeys() {
-		allCanonicalKeyIDs[path.Base(fullKeyID)] = struct{}{}
-	}
-
-	allDelegationRoles, err := repo.GetDelegationRoles()
+func AddTargetToAllSignableRoles(repo client.Repository, target *client.Target) error {
+	signableRoles, err := trust.GetSignableRoles(repo, target)
 	if err != nil {
 		return err
 	}
 
-	// if there are no delegation roles, then just try to sign it into the targets role
-	if len(allDelegationRoles) == 0 {
-		return repo.AddTarget(target, data.CanonicalTargetsRole)
-	}
-
-	// there are delegation roles, find every delegation role we have a key for, and
-	// attempt to sign into into all those roles.
-	for _, delegationRole := range allDelegationRoles {
-		// We do not support signing any delegation role that isn't a direct child of the targets role.
-		// Also don't bother checking the keys if we can't add the target
-		// to this role due to path restrictions
-		if path.Dir(delegationRole.Name) != data.CanonicalTargetsRole || !delegationRole.CheckPaths(target.Name) {
-			continue
-		}
-
-		for _, canonicalKeyID := range delegationRole.KeyIDs {
-			if _, ok := allCanonicalKeyIDs[canonicalKeyID]; ok {
-				signableRoles = append(signableRoles, delegationRole.Name)
-				break
-			}
-		}
-	}
-
-	if len(signableRoles) == 0 {
-		return errors.Errorf("no valid signing keys for delegation roles")
-	}
-
 	return repo.AddTarget(target, signableRoles...)
 }
 
@@ -217,57 +180,13 @@ func imagePushPrivileged(ctx context.Context, cli command.Cli, authConfig types.
 }
 
 // trustedPull handles content trust pulling of an image
-func trustedPull(ctx context.Context, cli command.Cli, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig types.AuthConfig, requestPrivilege types.RequestPrivilegeFunc) error {
-	var refs []target
-
-	notaryRepo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "pull")
+func trustedPull(ctx context.Context, cli command.Cli, imgRefAndAuth trust.ImageRefAndAuth) error {
+	refs, err := getTrustedPullTargets(cli, imgRefAndAuth)
 	if err != nil {
-		fmt.Fprintf(cli.Out(), "Error establishing connection to trust repository: %s\n", err)
 		return err
 	}
 
-	if tagged, isTagged := ref.(reference.NamedTagged); !isTagged {
-		// List all targets
-		targets, err := notaryRepo.ListTargets(trust.ReleasesRole, data.CanonicalTargetsRole)
-		if err != nil {
-			return trust.NotaryError(ref.Name(), err)
-		}
-		for _, tgt := range targets {
-			t, err := convertTarget(tgt.Target)
-			if err != nil {
-				fmt.Fprintf(cli.Out(), "Skipping target for %q\n", reference.FamiliarName(ref))
-				continue
-			}
-			// Only list tags in the top level targets role or the releases delegation role - ignore
-			// all other delegation roles
-			if tgt.Role != trust.ReleasesRole && tgt.Role != data.CanonicalTargetsRole {
-				continue
-			}
-			refs = append(refs, t)
-		}
-		if len(refs) == 0 {
-			return trust.NotaryError(ref.Name(), errors.Errorf("No trusted tags for %s", ref.Name()))
-		}
-	} else {
-		t, err := notaryRepo.GetTargetByName(tagged.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
-		if err != nil {
-			return trust.NotaryError(ref.Name(), err)
-		}
-		// Only get the tag if it's in the top level targets role or the releases delegation role
-		// ignore it if it's in any other delegation roles
-		if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
-			return trust.NotaryError(ref.Name(), errors.Errorf("No trust data for %s", tagged.Tag()))
-		}
-
-		logrus.Debugf("retrieving target for %s role\n", t.Role)
-		r, err := convertTarget(t.Target)
-		if err != nil {
-			return err
-
-		}
-		refs = append(refs, r)
-	}
-
+	ref := imgRefAndAuth.Reference()
 	for i, r := range refs {
 		displayTag := r.name
 		if displayTag != "" {
@@ -279,7 +198,11 @@ func trustedPull(ctx context.Context, cli command.Cli, repoInfo *registry.Reposi
 		if err != nil {
 			return err
 		}
-		if err := imagePullPrivileged(ctx, cli, authConfig, reference.FamiliarString(trustedRef), requestPrivilege, false); err != nil {
+		updatedImgRefAndAuth, err := trust.GetImageReferencesAndAuth(ctx, AuthResolver(cli), trustedRef.String())
+		if err != nil {
+			return err
+		}
+		if err := imagePullPrivileged(ctx, cli, updatedImgRefAndAuth, false); err != nil {
 			return err
 		}
 
@@ -295,13 +218,64 @@ func trustedPull(ctx context.Context, cli command.Cli, repoInfo *registry.Reposi
 	return nil
 }
 
-// imagePullPrivileged pulls the image and displays it to the output
-func imagePullPrivileged(ctx context.Context, cli command.Cli, authConfig types.AuthConfig, ref string, requestPrivilege types.RequestPrivilegeFunc, all bool) error {
+func getTrustedPullTargets(cli command.Cli, imgRefAndAuth trust.ImageRefAndAuth) ([]target, error) {
+	notaryRepo, err := cli.NotaryClient(imgRefAndAuth, trust.ActionsPullOnly)
+	if err != nil {
+		return nil, errors.Wrap(err, "error establishing connection to trust repository")
+	}
 
-	encodedAuth, err := command.EncodeAuthToBase64(authConfig)
+	ref := imgRefAndAuth.Reference()
+	tagged, isTagged := ref.(reference.NamedTagged)
+	if !isTagged {
+		// List all targets
+		targets, err := notaryRepo.ListTargets(trust.ReleasesRole, data.CanonicalTargetsRole)
+		if err != nil {
+			return nil, trust.NotaryError(ref.Name(), err)
+		}
+		var refs []target
+		for _, tgt := range targets {
+			t, err := convertTarget(tgt.Target)
+			if err != nil {
+				fmt.Fprintf(cli.Err(), "Skipping target for %q\n", reference.FamiliarName(ref))
+				continue
+			}
+			// Only list tags in the top level targets role or the releases delegation role - ignore
+			// all other delegation roles
+			if tgt.Role != trust.ReleasesRole && tgt.Role != data.CanonicalTargetsRole {
+				continue
+			}
+			refs = append(refs, t)
+		}
+		if len(refs) == 0 {
+			return nil, trust.NotaryError(ref.Name(), errors.Errorf("No trusted tags for %s", ref.Name()))
+		}
+		return refs, nil
+	}
+
+	t, err := notaryRepo.GetTargetByName(tagged.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
+	if err != nil {
+		return nil, trust.NotaryError(ref.Name(), err)
+	}
+	// Only get the tag if it's in the top level targets role or the releases delegation role
+	// ignore it if it's in any other delegation roles
+	if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
+		return nil, trust.NotaryError(ref.Name(), errors.Errorf("No trust data for %s", tagged.Tag()))
+	}
+
+	logrus.Debugf("retrieving target for %s role", t.Role)
+	r, err := convertTarget(t.Target)
+	return []target{r}, err
+}
+
+// imagePullPrivileged pulls the image and displays it to the output
+func imagePullPrivileged(ctx context.Context, cli command.Cli, imgRefAndAuth trust.ImageRefAndAuth, all bool) error {
+	ref := reference.FamiliarString(imgRefAndAuth.Reference())
+
+	encodedAuth, err := command.EncodeAuthToBase64(*imgRefAndAuth.AuthConfig())
 	if err != nil {
 		return err
 	}
+	requestPrivilege := command.RegistryAuthenticationPrivilegedFunc(cli, imgRefAndAuth.RepoInfo().Index, "pull")
 	options := types.ImagePullOptions{
 		RegistryAuth:  encodedAuth,
 		PrivilegeFunc: requestPrivilege,
@@ -335,10 +309,9 @@ func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedT
 	// Resolve the Auth config relevant for this server
 	authConfig := command.ResolveAuthConfig(ctx, cli, repoInfo.Index)
 
-	notaryRepo, err := trust.GetNotaryRepository(cli, repoInfo, authConfig, "pull")
+	notaryRepo, err := trust.GetNotaryRepository(cli.In(), cli.Out(), command.UserAgent(), repoInfo, &authConfig, "pull")
 	if err != nil {
-		fmt.Fprintf(cli.Out(), "Error establishing connection to trust repository: %s\n", err)
-		return nil, err
+		return nil, errors.Wrap(err, "error establishing connection to trust repository")
 	}
 
 	t, err := notaryRepo.GetTargetByName(ref.Tag(), trust.ReleasesRole, data.CanonicalTargetsRole)
@@ -348,14 +321,13 @@ func TrustedReference(ctx context.Context, cli command.Cli, ref reference.NamedT
 	// Only list tags in the top level targets role or the releases delegation role - ignore
 	// all other delegation roles
 	if t.Role != trust.ReleasesRole && t.Role != data.CanonicalTargetsRole {
-		return nil, trust.NotaryError(repoInfo.Name.Name(), errors.Errorf("No trust data for %s", ref.Tag()))
+		return nil, trust.NotaryError(repoInfo.Name.Name(), client.ErrNoSuchTarget(ref.Tag()))
 	}
 	r, err := convertTarget(t.Target)
 	if err != nil {
 		return nil, err
 
 	}
-
 	return reference.WithDigest(reference.TrimNamed(ref), r.digest)
 }
 
@@ -378,7 +350,14 @@ func TagTrusted(ctx context.Context, cli command.Cli, trustedRef reference.Canon
 	familiarRef := reference.FamiliarString(ref)
 	trustedFamiliarRef := reference.FamiliarString(trustedRef)
 
-	fmt.Fprintf(cli.Out(), "Tagging %s as %s\n", trustedFamiliarRef, familiarRef)
+	fmt.Fprintf(cli.Err(), "Tagging %s as %s\n", trustedFamiliarRef, familiarRef)
 
 	return cli.Client().ImageTag(ctx, trustedFamiliarRef, familiarRef)
 }
+
+// AuthResolver returns an auth resolver function from a command.Cli
+func AuthResolver(cli command.Cli) func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig {
+	return func(ctx context.Context, index *registrytypes.IndexInfo) types.AuthConfig {
+		return command.ResolveAuthConfig(ctx, cli, index)
+	}
+}

components/cli/cli/command/image/trust_test.go

@@ -1,12 +1,18 @@
 package image
 
 import (
+	"io/ioutil"
 	"os"
 	"testing"
 
 	"github.com/docker/cli/cli/trust"
 	registrytypes "github.com/docker/docker/api/types/registry"
 	"github.com/docker/docker/registry"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/theupdateframework/notary/client"
+	"github.com/theupdateframework/notary/passphrase"
+	"github.com/theupdateframework/notary/trustpinning"
 )
 
 func unsetENV() {
@@ -55,3 +61,15 @@ func TestNonOfficialTrustServer(t *testing.T) {
 		t.Fatalf("Expected server to be %s, got %s", expectedStr, output)
 	}
 }
+
+func TestAddTargetToAllSignableRolesError(t *testing.T) {
+	tmpDir, err := ioutil.TempDir("", "notary-test-")
+	assert.NoError(t, err)
+	defer os.RemoveAll(tmpDir)
+
+	notaryRepo, err := client.NewFileCachedRepository(tmpDir, "gun", "https://localhost", nil, passphrase.ConstantRetriever("password"), trustpinning.TrustPinConfig{})
+	require.NoError(t, err)
+	target := client.Target{}
+	err = AddTargetToAllSignableRoles(notaryRepo, &target)
+	assert.EqualError(t, err, "client is offline")
+}

components/cli/cli/command/inspect/inspector.go

@@ -7,10 +7,10 @@ import (
 	"strings"
 	"text/template"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/cli/cli"
 	"github.com/docker/cli/templates"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 )
 
 // Inspector defines an interface to implement to process elements

components/cli/cli/command/network/client_test.go

@@ -12,6 +12,7 @@ type fakeClient struct {
 	networkCreateFunc     func(ctx context.Context, name string, options types.NetworkCreate) (types.NetworkCreateResponse, error)
 	networkConnectFunc    func(ctx context.Context, networkID, container string, config *network.EndpointSettings) error
 	networkDisconnectFunc func(ctx context.Context, networkID, container string, force bool) error
+	networkListFunc       func(ctx context.Context, options types.NetworkListOptions) ([]types.NetworkResource, error)
 }
 
 func (c *fakeClient) NetworkCreate(ctx context.Context, name string, options types.NetworkCreate) (types.NetworkCreateResponse, error) {
@@ -34,3 +35,10 @@ func (c *fakeClient) NetworkDisconnect(ctx context.Context, networkID, container
 	}
 	return nil
 }
+
+func (c *fakeClient) NetworkList(ctx context.Context, options types.NetworkListOptions) ([]types.NetworkResource, error) {
+	if c.networkListFunc != nil {
+		return c.networkListFunc(ctx, options)
+	}
+	return []types.NetworkResource{}, nil
+}

components/cli/cli/command/network/list_test.go

@@ -0,0 +1,69 @@
+package network
+
+import (
+	"testing"
+
+	"io/ioutil"
+
+	"strings"
+
+	"github.com/docker/cli/internal/test"
+	. "github.com/docker/cli/internal/test/builders"
+	"github.com/docker/cli/internal/test/testutil"
+	"github.com/docker/docker/api/types"
+	"github.com/docker/docker/api/types/filters"
+	"github.com/gotestyourself/gotestyourself/golden"
+	"github.com/pkg/errors"
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/net/context"
+)
+
+func TestNetworkListErrors(t *testing.T) {
+	testCases := []struct {
+		networkListFunc func(ctx context.Context, options types.NetworkListOptions) ([]types.NetworkResource, error)
+		expectedError   string
+	}{
+		{
+			networkListFunc: func(ctx context.Context, options types.NetworkListOptions) ([]types.NetworkResource, error) {
+				return []types.NetworkResource{}, errors.Errorf("error creating network")
+			},
+			expectedError: "error creating network",
+		},
+	}
+
+	for _, tc := range testCases {
+		cmd := newListCommand(
+			test.NewFakeCli(&fakeClient{
+				networkListFunc: tc.networkListFunc,
+			}),
+		)
+		cmd.SetOutput(ioutil.Discard)
+		testutil.ErrorContains(t, cmd.Execute(), tc.expectedError)
+
+	}
+}
+
+func TestNetworkListWithFlags(t *testing.T) {
+
+	filterArgs := filters.NewArgs()
+	filterArgs.Add("image.name", "ubuntu")
+
+	expectedOpts := types.NetworkListOptions{
+		Filters: filterArgs,
+	}
+
+	cli := test.NewFakeCli(&fakeClient{
+		networkListFunc: func(ctx context.Context, options types.NetworkListOptions) ([]types.NetworkResource, error) {
+			assert.Equal(t, expectedOpts, options, "not expected options error")
+			return []types.NetworkResource{*NetworkResource(NetworkResourceID("123454321"),
+				NetworkResourceName("network_1"),
+				NetworkResourceDriver("09.7.01"),
+				NetworkResourceScope("global"))}, nil
+		},
+	})
+	cmd := newListCommand(cli)
+
+	cmd.Flags().Set("filter", "image.name=ubuntu")
+	assert.NoError(t, cmd.Execute())
+	golden.Assert(t, strings.TrimSpace(cli.OutBuffer().String()), "network-list.golden")
+}

components/cli/cli/command/network/prune.go

@@ -33,7 +33,7 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command {
 			}
 			return nil
 		},
-		Tags: map[string]string{"version": "1.25"},
+		Annotations: map[string]string{"version": "1.25"},
 	}
 
 	flags := cmd.Flags()
@@ -50,12 +50,12 @@ func runPrune(dockerCli command.Cli, options pruneOptions) (output string, err e
 	pruneFilters := command.PruneFilters(dockerCli, options.filter.Value())
 
 	if !options.force && !command.PromptForConfirmation(dockerCli.In(), dockerCli.Out(), warning) {
-		return
+		return "", nil
 	}
 
 	report, err := dockerCli.Client().NetworksPrune(context.Background(), pruneFilters)
 	if err != nil {
-		return
+		return "", err
 	}
 
 	if len(report.NetworksDeleted) > 0 {
@@ -65,7 +65,7 @@ func runPrune(dockerCli command.Cli, options pruneOptions) (output string, err e
 		}
 	}
 
-	return
+	return output, nil
 }
 
 // RunPrune calls the Network Prune API

components/cli/cli/command/network/testdata/network-list.golden

@@ -0,0 +1,2 @@
+NETWORK ID          NAME                DRIVER              SCOPE
+123454321           network_1           09.7.01             global

components/cli/cli/command/node/cmd.go

@@ -14,11 +14,11 @@ import (
 // NewNodeCommand returns a cobra command for `node` subcommands
 func NewNodeCommand(dockerCli command.Cli) *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "node",
-		Short: "Manage Swarm nodes",
-		Args:  cli.NoArgs,
-		RunE:  command.ShowHelp(dockerCli.Err()),
-		Tags:  map[string]string{"version": "1.24"},
+		Use:         "node",
+		Short:       "Manage Swarm nodes",
+		Args:        cli.NoArgs,
+		RunE:        command.ShowHelp(dockerCli.Err()),
+		Annotations: map[string]string{"version": "1.24"},
 	}
 	cmd.AddCommand(
 		newDemoteCommand(dockerCli),

components/cli/cli/command/out.go

@@ -4,8 +4,8 @@ import (
 	"io"
 	"os"
 
-	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/pkg/term"
+	"github.com/sirupsen/logrus"
 )
 
 // OutStream is an output stream used by the DockerCli to write normal program

components/cli/cli/command/plugin/cmd.go

@@ -7,14 +7,13 @@ import (
 )
 
 // NewPluginCommand returns a cobra command for `plugin` subcommands
-// nolint: interfacer
-func NewPluginCommand(dockerCli *command.DockerCli) *cobra.Command {
+func NewPluginCommand(dockerCli command.Cli) *cobra.Command {
 	cmd := &cobra.Command{
-		Use:   "plugin",
-		Short: "Manage plugins",
-		Args:  cli.NoArgs,
-		RunE:  command.ShowHelp(dockerCli.Err()),
-		Tags:  map[string]string{"version": "1.25"},
+		Use:         "plugin",
+		Short:       "Manage plugins",
+		Args:        cli.NoArgs,
+		RunE:        command.ShowHelp(dockerCli.Err()),
+		Annotations: map[string]string{"version": "1.25"},
 	}
 
 	cmd.AddCommand(