@@ -37,7 +37,7 @@ var untrusted bool

 func addTrustedFlags(fs *flag.FlagSet, verify bool) {

 	var trusted bool

-	if e := os.Getenv("DOCKER_TRUST"); e != "" {

+	if e := os.Getenv("DOCKER_CONTENT_TRUST"); e != "" {

 		if t, err := strconv.ParseBool(e); t || err != nil {

 			// treat any other value as true

 			trusted = true

@@ -47,7 +47,7 @@ func addTrustedFlags(fs *flag.FlagSet, verify bool) {

 	if verify {

 		message = "Skip image verification"

 	}

-	fs.BoolVar(&untrusted, []string{"-untrusted"}, !trusted, message)

+	fs.BoolVar(&untrusted, []string{"-disable-content-trust"}, !trusted, message)

 }

 func isTrusted() bool {

@@ -79,7 +79,7 @@ func (cli *DockerCli) certificateDirectory(server string) (string, error) {

 }

 func trustServer(index *registry.IndexInfo) string {

-	if s := os.Getenv("DOCKER_TRUST_SERVER"); s != "" {

+	if s := os.Getenv("DOCKER_CONTENT_TRUST_SERVER"); s != "" {

 		if !strings.HasPrefix(s, "https://") {

 			return "https://" + s

 		}

@@ -178,9 +178,9 @@ func convertTarget(t client.Target) (target, error) {

 func (cli *DockerCli) getPassphraseRetriever() passphrase.Retriever {

 	baseRetriever := passphrase.PromptRetrieverWithInOut(cli.in, cli.out)

 	env := map[string]string{

-		"root":     os.Getenv("DOCKER_TRUST_ROOT_PASSPHRASE"),

-		"targets":  os.Getenv("DOCKER_TRUST_TARGET_PASSPHRASE"),

-		"snapshot": os.Getenv("DOCKER_TRUST_SNAPSHOT_PASSPHRASE"),

+		"root":     os.Getenv("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE"),

+		"targets":  os.Getenv("DOCKER_CONTENT_TRUST_TARGET_PASSPHRASE"),

+		"snapshot": os.Getenv("DOCKER_CONTENT_TRUST_SNAPSHOT_PASSPHRASE"),

 	}

 	return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) {

 		if v := env[alias]; v != "" {

@@ -49,8 +49,8 @@ by the `docker` command line:

   unsuitable for Docker.

 * `DOCKER_RAMDISK` If set this will disable 'pivot_root'.

 * `DOCKER_TLS_VERIFY` When set Docker uses TLS and verifies the remote.

-* `DOCKER_TRUST` When set Docker uses notary to sign and verify images.

-  Equates to `--untrusted=false` for build, create, pull, push, run.

+* `DOCKER_CONTENT_TRUST` When set Docker uses notary to sign and verify images.

+  Equates to `--disable-content-trust=false` for build, create, pull, push, run.

 * `DOCKER_TMPDIR` Location for temporary Docker files.

 Because Docker is developed using 'Go', you can also use any environment

@@ -17,57 +17,57 @@ Creates a new container.

     Create a new container

-      -a, --attach=[]            Attach to STDIN, STDOUT or STDERR

-      --add-host=[]              Add a custom host-to-IP mapping (host:ip)

-      --blkio-weight=0           Block IO weight (relative weight)

-      -c, --cpu-shares=0         CPU shares (relative weight)

-      --cap-add=[]               Add Linux capabilities

-      --cap-drop=[]              Drop Linux capabilities

-      --cgroup-parent=""         Optional parent cgroup for the container

-      --cidfile=""               Write the container ID to the file

-      --cpu-period=0             Limit CPU CFS (Completely Fair Scheduler) period

-      --cpu-quota=0              Limit CPU CFS (Completely Fair Scheduler) quota

-      --cpuset-cpus=""           CPUs in which to allow execution (0-3, 0,1)

-      --cpuset-mems=""           Memory nodes (MEMs) in which to allow execution (0-3, 0,1)

-      --device=[]                Add a host device to the container

-      --dns=[]                   Set custom DNS servers

-      --dns-search=[]            Set custom DNS search domains

-      -e, --env=[]               Set environment variables

-      --entrypoint=""            Overwrite the default ENTRYPOINT of the image

-      --env-file=[]              Read in a file of environment variables

-      --expose=[]                Expose a port or a range of ports

-      -h, --hostname=""          Container host name

-      --help=false               Print usage

-      -i, --interactive=false    Keep STDIN open even if not attached

-      --ipc=""                   IPC namespace to use

-      -l, --label=[]             Set metadata on the container (e.g., --label=com.example.key=value)

-      --label-file=[]            Read in a line delimited file of labels

-      --link=[]                  Add link to another container

-      --log-driver=""            Logging driver for container

-      --log-opt=[]               Log driver specific options

-      --lxc-conf=[]              Add custom lxc options

-      -m, --memory=""            Memory limit

-      --mac-address=""           Container MAC address (e.g. 92:d0:c6:0a:29:33)

-      --memory-swap=""           Total memory (memory + swap), '-1' to disable swap

-      --memory-swappiness=""     Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.

-      --name=""                  Assign a name to the container

-      --net="bridge"             Set the Network mode for the container

-      --oom-kill-disable=false   Whether to disable OOM Killer for the container or not

-      -P, --publish-all=false    Publish all exposed ports to random ports

-      -p, --publish=[]           Publish a container's port(s) to the host

-      --pid=""                   PID namespace to use

-      --privileged=false         Give extended privileges to this container

-      --read-only=false          Mount the container's root filesystem as read only

-      --restart="no"             Restart policy (no, on-failure[:max-retry], always)

-      --security-opt=[]          Security options

-      -t, --tty=false            Allocate a pseudo-TTY

-      --untrusted=true           Skip image verification

-      -u, --user=""              Username or UID

-      --ulimit=[]                Ulimit options

-      --uts=""                   UTS namespace to use

-      -v, --volume=[]            Bind mount a volume

-      --volumes-from=[]          Mount volumes from the specified container(s)

-      -w, --workdir=""           Working directory inside the container

+      -a, --attach=[]               Attach to STDIN, STDOUT or STDERR

+      --add-host=[]                 Add a custom host-to-IP mapping (host:ip)

+      --blkio-weight=0              Block IO weight (relative weight)

+      -c, --cpu-shares=0            CPU shares (relative weight)

+      --cap-add=[]                  Add Linux capabilities

+      --cap-drop=[]                 Drop Linux capabilities

+      --cgroup-parent=""            Optional parent cgroup for the container

+      --cidfile=""                  Write the container ID to the file

+      --cpu-period=0                Limit CPU CFS (Completely Fair Scheduler) period

+      --cpu-quota=0                 Limit CPU CFS (Completely Fair Scheduler) quota

+      --cpuset-cpus=""              CPUs in which to allow execution (0-3, 0,1)

+      --cpuset-mems=""              Memory nodes (MEMs) in which to allow execution (0-3, 0,1)

+      --device=[]                   Add a host device to the container

+      --dns=[]                      Set custom DNS servers

+      --dns-search=[]               Set custom DNS search domains

+      -e, --env=[]                  Set environment variables

+      --entrypoint=""               Overwrite the default ENTRYPOINT of the image

+      --env-file=[]                 Read in a file of environment variables

+      --expose=[]                   Expose a port or a range of ports

+      -h, --hostname=""             Container host name

+      --help=false                  Print usage

+      -i, --interactive=false       Keep STDIN open even if not attached

+      --ipc=""                      IPC namespace to use

+      -l, --label=[]                Set metadata on the container (e.g., --label=com.example.key=value)

+      --label-file=[]               Read in a line delimited file of labels

+      --link=[]                     Add link to another container

+      --log-driver=""               Logging driver for container

+      --log-opt=[]                  Log driver specific options

+      --lxc-conf=[]                 Add custom lxc options

+      -m, --memory=""               Memory limit

+      --mac-address=""              Container MAC address (e.g. 92:d0:c6:0a:29:33)

+      --memory-swap=""              Total memory (memory + swap), '-1' to disable swap

+      --memory-swappiness=""        Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.

+      --name=""                     Assign a name to the container

+      --net="bridge"                Set the Network mode for the container

+      --oom-kill-disable=false      Whether to disable OOM Killer for the container or not

+      -P, --publish-all=false       Publish all exposed ports to random ports

+      -p, --publish=[]              Publish a container's port(s) to the host

+      --pid=""                      PID namespace to use

+      --privileged=false            Give extended privileges to this container

+      --read-only=false             Mount the container's root filesystem as read only

+      --restart="no"                Restart policy (no, on-failure[:max-retry], always)

+      --security-opt=[]             Security options

+      -t, --tty=false               Allocate a pseudo-TTY

+      --disable-content-trust=true  Skip image verification

+      -u, --user=""                 Username or UID

+      --ulimit=[]                   Ulimit options

+      --uts=""                      UTS namespace to use

+      -v, --volume=[]               Bind mount a volume

+      --volumes-from=[]             Mount volumes from the specified container(s)

+      -w, --workdir=""              Working directory inside the container

 The `docker create` command creates a writeable container layer over the

 specified image and prepares it for running the specified command.  The

@@ -15,8 +15,8 @@ weight=1

     Pull an image or a repository from the registry

-      -a, --all-tags=false    Download all tagged images in the repository

-      --untrusted=true        Skip image verification

+      -a, --all-tags=false          Download all tagged images in the repository

+      --disable-content-trust=true  Skip image verification

 Most of your images will be created on top of a base image from the

 [Docker Hub](https://hub.docker.com) registry.

@@ -15,7 +15,7 @@ weight=1

     Push an image or a repository to the registry

-    --untrusted=true           Skip image signing

+    --disable-content-trust=true   Skip image signing

 Use `docker push` to share your images to the [Docker Hub](https://hub.docker.com)

 registry or to a self-hosted one.

@@ -15,61 +15,61 @@ weight=1

     Run a command in a new container

-      -a, --attach=[]            Attach to STDIN, STDOUT or STDERR

-      --add-host=[]              Add a custom host-to-IP mapping (host:ip)

-      --blkio-weight=0           Block IO weight (relative weight)

-      -c, --cpu-shares=0         CPU shares (relative weight)

-      --cap-add=[]               Add Linux capabilities

-      --cap-drop=[]              Drop Linux capabilities

-      --cgroup-parent=""         Optional parent cgroup for the container

-      --cidfile=""               Write the container ID to the file

-      --cpu-period=0             Limit CPU CFS (Completely Fair Scheduler) period

-      --cpu-quota=0              Limit CPU CFS (Completely Fair Scheduler) quota

-      --cpuset-cpus=""           CPUs in which to allow execution (0-3, 0,1)

-      --cpuset-mems=""           Memory nodes (MEMs) in which to allow execution (0-3, 0,1)

-      -d, --detach=false         Run container in background and print container ID

-      --device=[]                Add a host device to the container

-      --dns=[]                   Set custom DNS servers

-      --dns-search=[]            Set custom DNS search domains

-      -e, --env=[]               Set environment variables

-      --entrypoint=""            Overwrite the default ENTRYPOINT of the image

-      --env-file=[]              Read in a file of environment variables

-      --expose=[]                Expose a port or a range of ports

-      --group-add=[]             Add additional groups to run as

-      -h, --hostname=""          Container host name

-      --help=false               Print usage

-      -i, --interactive=false    Keep STDIN open even if not attached

-      --ipc=""                   IPC namespace to use

-      -l, --label=[]             Set metadata on the container (e.g., --label=com.example.key=value)

-      --label-file=[]            Read in a file of labels (EOL delimited)

-      --link=[]                  Add link to another container

-      --log-driver=""            Logging driver for container

-      --log-opt=[]               Log driver specific options

-      --lxc-conf=[]              Add custom lxc options

-      -m, --memory=""            Memory limit

-      --mac-address=""           Container MAC address (e.g. 92:d0:c6:0a:29:33)

-      --memory-swap=""           Total memory (memory + swap), '-1' to disable swap

-      --memory-swappiness=""     Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.

-      --name=""                  Assign a name to the container

-      --net="bridge"             Set the Network mode for the container

-      --oom-kill-disable=false   Whether to disable OOM Killer for the container or not

-      -P, --publish-all=false    Publish all exposed ports to random ports

-      -p, --publish=[]           Publish a container's port(s) to the host

-      --pid=""                   PID namespace to use

-      --privileged=false         Give extended privileges to this container

-      --read-only=false          Mount the container's root filesystem as read only

-      --restart="no"             Restart policy (no, on-failure[:max-retry], always)

-      --rm=false                 Automatically remove the container when it exits

-      --security-opt=[]          Security Options

-      --sig-proxy=true           Proxy received signals to the process

-      -t, --tty=false            Allocate a pseudo-TTY

-      -u, --user=""              Username or UID (format: <name|uid>[:<group|gid>])

-      --ulimit=[]                Ulimit options

-      --untrusted=true           Skip image verification

-      --uts=""                   UTS namespace to use

-      -v, --volume=[]            Bind mount a volume

-      --volumes-from=[]          Mount volumes from the specified container(s)

-      -w, --workdir=""           Working directory inside the container

+      -a, --attach=[]               Attach to STDIN, STDOUT or STDERR

+      --add-host=[]                 Add a custom host-to-IP mapping (host:ip)

+      --blkio-weight=0              Block IO weight (relative weight)

+      -c, --cpu-shares=0            CPU shares (relative weight)

+      --cap-add=[]                  Add Linux capabilities

+      --cap-drop=[]                 Drop Linux capabilities

+      --cgroup-parent=""            Optional parent cgroup for the container

+      --cidfile=""                  Write the container ID to the file

+      --cpu-period=0                Limit CPU CFS (Completely Fair Scheduler) period

+      --cpu-quota=0                 Limit CPU CFS (Completely Fair Scheduler) quota

+      --cpuset-cpus=""              CPUs in which to allow execution (0-3, 0,1)

+      --cpuset-mems=""              Memory nodes (MEMs) in which to allow execution (0-3, 0,1)

+      -d, --detach=false            Run container in background and print container ID

+      --device=[]                   Add a host device to the container

+      --dns=[]                      Set custom DNS servers

+      --dns-search=[]               Set custom DNS search domains

+      -e, --env=[]                  Set environment variables

+      --entrypoint=""               Overwrite the default ENTRYPOINT of the image

+      --env-file=[]                 Read in a file of environment variables

+      --expose=[]                   Expose a port or a range of ports

+      --group-add=[]                Add additional groups to run as

+      -h, --hostname=""             Container host name

+      --help=false                  Print usage

+      -i, --interactive=false       Keep STDIN open even if not attached

+      --ipc=""                      IPC namespace to use

+      -l, --label=[]                Set metadata on the container (e.g., --label=com.example.key=value)

+      --label-file=[]               Read in a file of labels (EOL delimited)

+      --link=[]                     Add link to another container

+      --log-driver=""               Logging driver for container

+      --log-opt=[]                  Log driver specific options

+      --lxc-conf=[]                 Add custom lxc options

+      -m, --memory=""               Memory limit

+      --mac-address=""              Container MAC address (e.g. 92:d0:c6:0a:29:33)

+      --memory-swap=""              Total memory (memory + swap), '-1' to disable swap

+      --memory-swappiness=""        Tune a container's memory swappiness behavior. Accepts an integer between 0 and 100.

+      --name=""                     Assign a name to the container

+      --net="bridge"                Set the Network mode for the container

+      --oom-kill-disable=false      Whether to disable OOM Killer for the container or not

+      -P, --publish-all=false       Publish all exposed ports to random ports

+      -p, --publish=[]              Publish a container's port(s) to the host

+      --pid=""                      PID namespace to use

+      --privileged=false            Give extended privileges to this container

+      --read-only=false             Mount the container's root filesystem as read only

+      --restart="no"                Restart policy (no, on-failure[:max-retry], always)

+      --rm=false                    Automatically remove the container when it exits

+      --security-opt=[]             Security Options

+      --sig-proxy=true              Proxy received signals to the process

+      -t, --tty=false               Allocate a pseudo-TTY

+      -u, --user=""                 Username or UID (format: <name|uid>[:<group|gid>])

+      --ulimit=[]                   Ulimit options

+      --disable-content-trust=true  Skip image verification

+      --uts=""                      UTS namespace to use

+      -v, --volume=[]               Bind mount a volume

+      --volumes-from=[]             Mount volumes from the specified container(s)

+      -w, --workdir=""              Working directory inside the container

 The `docker run` command first `creates` a writeable container layer over the

 specified image, and then `starts` it using the specified command. That is,

@@ -294,7 +294,7 @@ func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {

 	dockerCmd(c, "rmi", repoName)

 	// Try untrusted create to ensure we pushed the tag to the registry

-	createCmd = exec.Command(dockerBinary, "create", "--untrusted=true", repoName)

+	createCmd = exec.Command(dockerBinary, "create", "--disable-content-trust=true", repoName)

 	s.trustedCmd(createCmd)

 	out, _, err = runCommandWithOutput(createCmd)

 	if err != nil {

@@ -302,7 +302,7 @@ func (s *DockerTrustSuite) TestTrustedCreate(c *check.C) {

 	}

 	if !strings.Contains(string(out), "Status: Downloaded") {

-		c.Fatalf("Missing expected output on trusted create with --untrusted:\n%s", out)

+		c.Fatalf("Missing expected output on trusted create with --disable-content-trust:\n%s", out)

 	}

 }

@@ -366,7 +366,7 @@ func (s *DockerTrustSuite) TestCreateWhenCertExpired(c *check.C) {

 	runAtDifferentDate(elevenYearsFromNow, func() {

 		// Try create

-		createCmd := exec.Command(dockerBinary, "create", "--untrusted", repoName)

+		createCmd := exec.Command(dockerBinary, "create", "--disable-content-trust", repoName)

 		s.trustedCmd(createCmd)

 		out, _, err := runCommandWithOutput(createCmd)

 		if err != nil {

@@ -132,7 +132,7 @@ func (s *DockerSuite) TestHelpTextVerify(c *check.C) {

 			// Check each line for lots of stuff

 			lines := strings.Split(out, "\n")

 			for _, line := range lines {

-				if len(line) > 80 {

+				if len(line) > 90 {

 					c.Fatalf("Help for %q is too long(%d chars):\n%s", cmd,

 						len(line), line)

 				}

@@ -174,7 +174,7 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {

 	dockerCmd(c, "rmi", repoName)

 	// Try untrusted pull to ensure we pushed the tag to the registry

-	pullCmd = exec.Command(dockerBinary, "pull", "--untrusted=true", repoName)

+	pullCmd = exec.Command(dockerBinary, "pull", "--disable-content-trust=true", repoName)

 	s.trustedCmd(pullCmd)

 	out, _, err = runCommandWithOutput(pullCmd)

 	if err != nil {

@@ -182,7 +182,7 @@ func (s *DockerTrustSuite) TestTrustedPull(c *check.C) {

 	}

 	if !strings.Contains(string(out), "Status: Downloaded") {

-		c.Fatalf("Missing expected output on trusted pull with --untrusted:\n%s", out)

+		c.Fatalf("Missing expected output on trusted pull with --disable-content-trust:\n%s", out)

 	}

 }

@@ -246,7 +246,7 @@ func (s *DockerTrustSuite) TestPullWhenCertExpired(c *check.C) {

 	runAtDifferentDate(elevenYearsFromNow, func() {

 		// Try pull

-		pullCmd := exec.Command(dockerBinary, "pull", "--untrusted", repoName)

+		pullCmd := exec.Command(dockerBinary, "pull", "--disable-content-trust", repoName)

 		s.trustedCmd(pullCmd)

 		out, _, err := runCommandWithOutput(pullCmd)

 		if err != nil {

@@ -182,15 +182,15 @@ func (s *DockerTrustSuite) TestTrustedPushWithoutServerAndUntrusted(c *check.C)

 	// tag the image and upload it to the private registry

 	dockerCmd(c, "tag", "busybox", repoName)

-	pushCmd := exec.Command(dockerBinary, "push", "--untrusted", repoName)

+	pushCmd := exec.Command(dockerBinary, "push", "--disable-content-trust", repoName)

 	s.trustedCmdWithServer(pushCmd, "example/")

 	out, _, err := runCommandWithOutput(pushCmd)

 	if err != nil {

-		c.Fatalf("trusted push with no server and --untrusted failed: %s\n%s", err, out)

+		c.Fatalf("trusted push with no server and --disable-content-trust failed: %s\n%s", err, out)

 	}

 	if strings.Contains(string(out), "Error establishing connection to notary repository") {

-		c.Fatalf("Missing expected output on trusted push with --untrusted:\n%s", out)

+		c.Fatalf("Missing expected output on trusted push with --disable-content-trust:\n%s", out)

 	}

 }

@@ -252,7 +252,7 @@ func (s *DockerTrustSuite) TestTrustedPushWithExistingSignedTag(c *check.C) {

 	}

 	if !strings.Contains(string(out), "Status: Downloaded") {

-		c.Fatalf("Missing expected output on trusted pull with --untrusted:\n%s", out)

+		c.Fatalf("Missing expected output on trusted pull with --disable-content-trust:\n%s", out)

 	}

 }

@@ -2566,7 +2566,7 @@ func (s *DockerTrustSuite) TestTrustedRun(c *check.C) {

 	dockerCmd(c, "rmi", repoName)

 	// Try untrusted run to ensure we pushed the tag to the registry

-	runCmd = exec.Command(dockerBinary, "run", "--untrusted=true", repoName)

+	runCmd = exec.Command(dockerBinary, "run", "--disable-content-trust=true", repoName)

 	s.trustedCmd(runCmd)

 	out, _, err = runCommandWithOutput(runCmd)

 	if err != nil {

@@ -2574,7 +2574,7 @@ func (s *DockerTrustSuite) TestTrustedRun(c *check.C) {

 	}

 	if !strings.Contains(string(out), "Status: Downloaded") {

-		c.Fatalf("Missing expected output on trusted run with --untrusted:\n%s", out)

+		c.Fatalf("Missing expected output on trusted run with --disable-content-trust:\n%s", out)

 	}

 }

@@ -2620,7 +2620,7 @@ func (s *DockerTrustSuite) TestRunWhenCertExpired(c *check.C) {

 	runAtDifferentDate(elevenYearsFromNow, func() {

 		// Try run

-		runCmd := exec.Command(dockerBinary, "run", "--untrusted", repoName)

+		runCmd := exec.Command(dockerBinary, "run", "--disable-content-trust", repoName)

 		s.trustedCmd(runCmd)

 		out, _, err := runCommandWithOutput(runCmd)

 		if err != nil {

@@ -130,11 +130,11 @@ func (s *DockerTrustSuite) trustedCmdWithPassphrases(cmd *exec.Cmd, rootPwd, sna

 func trustCmdEnv(cmd *exec.Cmd, server, rootPwd, snapshotPwd, targetPwd string) {

 	env := []string{

-		"DOCKER_TRUST=1",

-		fmt.Sprintf("DOCKER_TRUST_SERVER=%s", server),

-		fmt.Sprintf("DOCKER_TRUST_ROOT_PASSPHRASE=%s", rootPwd),

-		fmt.Sprintf("DOCKER_TRUST_SNAPSHOT_PASSPHRASE=%s", snapshotPwd),

-		fmt.Sprintf("DOCKER_TRUST_TARGET_PASSPHRASE=%s", targetPwd),

+		"DOCKER_CONTENT_TRUST=1",

+		fmt.Sprintf("DOCKER_CONTENT_TRUST_SERVER=%s", server),

+		fmt.Sprintf("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE=%s", rootPwd),

+		fmt.Sprintf("DOCKER_CONTENT_TRUST_SNAPSHOT_PASSPHRASE=%s", snapshotPwd),

+		fmt.Sprintf("DOCKER_CONTENT_TRUST_TARGET_PASSPHRASE=%s", targetPwd),

 	}

 	cmd.Env = append(os.Environ(), env...)

 }