@@ -43,7 +43,7 @@ clone git github.com/hashicorp/consul v0.5.2

 clone git github.com/boltdb/bolt v1.1.0

 # get graph and distribution packages

-clone git github.com/docker/distribution 568bf038af6d65b376165d02886b1c7fcaef1f61

+clone git github.com/docker/distribution a7ae88da459b98b481a245e5b1750134724ac67d

 clone git github.com/vbatts/tar-split v0.9.11

 # get desired notary commit, might also need to be updated in Dockerfile

@@ -5,3 +5,10 @@ Brian Bland <brian.bland@docker.com>    Brian Bland <r4nd0m1n4t0r@gmail.com>

 Josh Hawn <josh.hawn@docker.com>        Josh Hawn <jlhawn@berkeley.edu>

 Richard Scothern <richard.scothern@docker.com> Richard <richard.scothern@gmail.com>

 Richard Scothern <richard.scothern@docker.com> Richard Scothern <richard.scothern@gmail.com>

+Andrew Meredith <andymeredith@gmail.com> Andrew Meredith <kendru@users.noreply.github.com>

+harche <p.harshal@gmail.com> harche <harche@users.noreply.github.com>

+Jessie Frazelle <jessie@docker.com>  <jfrazelle@users.noreply.github.com>

+Sharif Nassar <sharif@mrwacky.com> Sharif Nassar <mrwacky42@users.noreply.github.com>

+Sven Dowideit <SvenDowideit@home.org.au> Sven Dowideit <SvenDowideit@users.noreply.github.com>

+Vincent Giersch <vincent.giersch@ovh.net> Vincent Giersch <vincent@giersch.fr>

+davidli <wenquan.li@hp.com> davidli <wenquan.li@hpe.com>

\ No newline at end of file

@@ -5,13 +5,16 @@ Adrian Mouat <adrian.mouat@gmail.com>

 Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>

 Alex Chan <alex.chan@metaswitch.com>

 Alex Elman <aelman@indeed.com>

+amitshukla <ashukla73@hotmail.com>

 Amy Lindburg <amy.lindburg@docker.com>

+Andrew Meredith <andymeredith@gmail.com>

 Andrey Kostov <kostov.andrey@gmail.com>

 Andy Goldstein <agoldste@redhat.com>

 Anton Tiurin <noxiouz@yandex.ru>

 Antonio Mercado <amercado@thinknode.com>

 Arnaud Porterie <arnaud.porterie@docker.com>

 Arthur Baars <arthur@semmle.com>

+Avi Miller <avi.miller@oracle.com>

 Ayose Cazorla <ayosec@gmail.com>

 BadZen <dave.trombley@gmail.com>

 Ben Firshman <ben@firshman.co.uk>

@@ -32,9 +35,10 @@ Derek McGowan <derek@mcgstyle.net>

 Diogo Mónica <diogo.monica@gmail.com>

 Donald Huang <don.hcd@gmail.com>

 Doug Davis <dug@us.ibm.com>

+farmerworking <farmerworking@gmail.com>

 Florentin Raud <florentin.raud@gmail.com>

 Frederick F. Kautz IV <fkautz@alumni.cmu.edu>

-harche <harche@users.noreply.github.com>

+harche <p.harshal@gmail.com>

 Henri Gomez <henri.gomez@gmail.com>

 Hu Keping <hukeping@huawei.com>

 Hua Wang <wanghua.humble@gmail.com>

@@ -42,9 +46,10 @@ Ian Babrou <ibobrik@gmail.com>

 Jack Griffin <jackpg14@gmail.com>

 Jason Freidman <jason.freidman@gmail.com>

 Jeff Nickoloff <jeff@allingeek.com>

-Jessie Frazelle <jfrazelle@users.noreply.github.com>

+Jessie Frazelle <jessie@docker.com>

 Jianqing Wang <tsing@jianqing.org>

 Jon Poler <jonathan.poler@apcera.com>

+Jonathan Boulle <jonathanboulle@gmail.com>

 Jordan Liggitt <jliggitt@redhat.com>

 Josh Hawn <josh.hawn@docker.com>

 Julien Fernandez <julien.fernandez@gmail.com>

@@ -59,6 +64,7 @@ Matt Moore <mattmoor@google.com>

 Matt Robenolt <matt@ydekproductions.com>

 Michael Prokop <mika@grml.org>

 Miquel Sabaté <msabate@suse.com>

+Morgan Bauer <mbauer@us.ibm.com>

 moxiegirl <mary@docker.com>

 Nathan Sullivan <nathan@nightsys.net>

 nevermosby <robolwq@qq.com>

@@ -70,8 +76,8 @@ Olivier Jacques <olivier.jacques@hp.com>

 Patrick Devine <patrick.devine@docker.com>

 Philip Misiowiec <philip@atlashealth.com>

 Richard Scothern <richard.scothern@docker.com>

+Rusty Conover <rusty@luckydinosaur.com>

 Sebastiaan van Stijn <github@gone.nl>

-Sharif Nassar <mrwacky42@users.noreply.github.com>

 Sharif Nassar <sharif@mrwacky.com>

 Shawn Falkner-Horine <dreadpirateshawn@gmail.com>

 Shreyas Karnik <karnik.shreyas@gmail.com>

@@ -81,15 +87,16 @@ Stephen J Day <stephen.day@docker.com>

 Sungho Moon <sungho.moon@navercorp.com>

 Sven Dowideit <SvenDowideit@home.org.au>

 Sylvain Baubeau <sbaubeau@redhat.com>

+Ted Reed <ted.reed@gmail.com>

 tgic <farmer1992@gmail.com>

 Thomas Sjögren <konstruktoid@users.noreply.github.com>

 Tianon Gravi <admwiggin@gmail.com>

 Tibor Vass <teabee89@gmail.com>

+Tonis Tiigi <tonistiigi@gmail.com>

 Troels Thomsen <troels@thomsen.io>

 Vincent Batts <vbatts@redhat.com>

 Vincent Demeester <vincent@sbr.pm>

 Vincent Giersch <vincent.giersch@ovh.net>

-Vincent Giersch <vincent@giersch.fr>

 W. Trevor King <wking@tremily.us>

 xg.song <xg.song@venusource.com>

 xiekeyang <xiekeyang@huawei.com>

@@ -1,4 +1,4 @@

-FROM golang:1.4

+FROM golang:1.5.2

 RUN apt-get update && \

     apt-get install -y librados-dev apache2-utils && \

@@ -1,8 +1,58 @@

-Solomon Hykes <solomon@docker.com> (@shykes)

-Olivier Gambier <olivier@docker.com> (@dmp42)

-Stephen Day <stephen.day@docker.com> (@stevvooe)

-Derek McGowan <derek@mcgstyle.net> (@dmcgowan)

-Richard Scothern <richard.scothern@gmail.com> (@richardscothern)

-Aaron Lehmann <aaron.lehmann@docker.com> (@aaronlehmann)

+# Distribution maintainers file

+#

+# This file describes who runs the docker/distribution project and how.

+# This is a living document - if you see something out of date or missing, speak up!

+#

+# It is structured to be consumable by both humans and programs.

+# To extract its contents programmatically, use any TOML-compliant parser.

+#

+# This file is compiled into the MAINTAINERS file in docker/opensource.

+#

+[Org]

+	[Org."Core maintainers"]

+		people = [

+			"aaronlehmann",

+			"dmcgowan",

+			"dmp42",

+			"richardscothern",

+			"shykes",

+			"stevvooe",

+		]

+[people]

+# A reference list of all people associated with the project.

+# All other sections should refer to people by their canonical key

+# in the people section.

+

+	# ADD YOURSELF HERE IN ALPHABETICAL ORDER

+

+	[people.aaronlehmann]

+	Name = "Aaron Lehmann"

+	Email = "aaron.lehmann@docker.com"

+	GitHub = "aaronlehmann"

+

+	[people.dmcgowan]

+	Name = "Derek McGowan"

+	Email = "derek@mcgstyle.net"

+	GitHub = "dmcgowan"

+

+	[people.dmp42]

+	Name = "Olivier Gambier"

+	Email = "olivier@docker.com"

+	GitHub = "dmp42"

+

+	[people.richardscothern]

+	Name = "Richard Scothern"

+	Email = "richard.scothern@gmail.com"

+	GitHub = "richardscothern"

+

+	[people.shykes]

+	Name = "Solomon Hykes"

+	Email = "solomon@docker.com"

+	GitHub = "shykes"

+

+	[people.stevvooe]

+	Name = "Stephen Day"

+	Email = "stephen.day@docker.com"

+	GitHub = "stevvooe"

@@ -17,9 +17,9 @@ This repository contains the following components:

 |**Component**       |Description                                                                                                                                                                                         |

 |--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|

 | **registry**       | An implementation of the [Docker Registry HTTP API V2](docs/spec/api.md) for use with docker 1.6+.                                                                                                  |

-| **libraries**      | A rich set of libraries for interacting with,distribution components. Please see [godoc](http://godoc.org/github.com/docker/distribution) for details. **Note**: These libraries are **unstable**. |

+| **libraries**      | A rich set of libraries for interacting with,distribution components. Please see [godoc](https://godoc.org/github.com/docker/distribution) for details. **Note**: These libraries are **unstable**. |

 | **specifications** | _Distribution_ related specifications are available in [docs/spec](docs/spec)                                                                                                                        |

-| **documentation**  | Docker's full documentation set is available at [docs.docker.com](http://docs.docker.com). This repository [contains the subset](docs/index.md) related just to the registry.                                                                                                                                          |

+| **documentation**  | Docker's full documentation set is available at [docs.docker.com](https://docs.docker.com). This repository [contains the subset](docs/index.md) related just to the registry.                                                                                                                                          |

 ### How does this integrate with Docker engine?

@@ -58,7 +58,7 @@ For information on upcoming functionality, please see [ROADMAP.md](ROADMAP.md).

 ### Who needs to deploy a registry?

 By default, Docker users pull images from Docker's public registry instance.

-[Installing Docker](http://docs.docker.com/installation) gives users this

+[Installing Docker](https://docs.docker.com/engine/installation/) gives users this

 ability. Users can also push images to a repository on Docker's public registry,

 if they have a [Docker Hub](https://hub.docker.com/) account. 

@@ -61,6 +61,15 @@ type Descriptor struct {

 	// depend on the simplicity of this type.

 }

+// Descriptor returns the descriptor, to make it satisfy the Describable

+// interface. Note that implementations of Describable are generally objects

+// which can be described, not simply descriptors; this exception is in place

+// to make it more convenient to pass actual descriptors to functions that

+// expect Describable objects.

+func (d Descriptor) Descriptor() Descriptor {

+	return d

+}

+

 // BlobStatter makes blob descriptors available by digest. The service may

 // provide a descriptor of a different digest if the provided digest is not

 // canonical.

@@ -6,6 +6,8 @@ machine:

   # Install ceph to test rados driver & create pool

     - sudo -i ~/distribution/contrib/ceph/ci-setup.sh

     - ceph osd pool create docker-distribution 1

+  # Install codecov for coverage

+    - pip install --user codecov

   post:

   # go

@@ -45,9 +47,6 @@ dependencies:

     - >

       gvm use stable &&

       go get github.com/axw/gocov/gocov github.com/golang/lint/golint

- 

-  # Disabling goveralls for now

-  # go get github.com/axw/gocov/gocov github.com/mattn/goveralls github.com/golang/lint/golint

 test:

   pre:

@@ -73,25 +72,17 @@ test:

         pwd: $BASE_STABLE

   override:

-

   # Test stable, and report

-  # Preset the goverall report file

-  # - echo "$CIRCLE_PAIN" > ~/goverage.report

-

-     - gvm use stable; go list ./... | xargs -L 1 -I{} rm -f $GOPATH/src/{}/coverage.out:

-         pwd: $BASE_STABLE

-

-     - gvm use stable; go list -tags "$DOCKER_BUILDTAGS" ./... | xargs -L 1 -I{} godep go test -tags "$DOCKER_BUILDTAGS" -test.short -coverprofile=$GOPATH/src/{}/coverage.out {}:

+     - gvm use stable; export ROOT_PACKAGE=$(go list .); go list -tags "$DOCKER_BUILDTAGS" ./... | xargs -L 1 -I{} bash -c 'export PACKAGE={}; godep go test -tags "$DOCKER_BUILDTAGS" -test.short -coverprofile=$GOPATH/src/$PACKAGE/coverage.out -coverpkg=$(./coverpkg.sh $PACKAGE $ROOT_PACKAGE) $PACKAGE':

          timeout: 600

          pwd: $BASE_STABLE

   post:

-  # Aggregate and report to coveralls

-    - gvm use stable; go list -tags "$DOCKER_BUILDTAGS" ./... | xargs -L 1 -I{} cat "$GOPATH/src/{}/coverage.out" | grep -v "$CIRCLE_PAIN" >> ~/goverage.report:

+  # Report to codecov

+    - bash <(curl -s https://codecov.io/bash):

         pwd: $BASE_STABLE

   ## Notes

-  # Disabled coveralls reporting: build breaking sending coverage data to coveralls

   # Disabled the -race detector due to massive memory usage.

   # Do we want these as well?

   # - go get code.google.com/p/go.tools/cmd/goimports

new file mode 100755

@@ -0,0 +1,7 @@

+#!/usr/bin/env bash

+# Given a subpackage and the containing package, figures out which packages

+# need to be passed to `go test -coverpkg`:  this includes all of the

+# subpackage's dependencies within the containing package, as well as the

+# subpackage itself.

+DEPENDENCIES="$(go list -f $'{{range $f := .Deps}}{{$f}}\n{{end}}' ${1} | grep ${2})"

+echo "${1} ${DEPENDENCIES}" | xargs echo -n | tr ' ' ','

@@ -1,21 +1,14 @@

 package digest

 import (

-	"bytes"

 	"fmt"

 	"hash"

 	"io"

-	"io/ioutil"

 	"regexp"

 	"strings"

-

-	"github.com/docker/docker/pkg/tarsum"

 )

 const (

-	// DigestTarSumV1EmptyTar is the digest for the empty tar file.

-	DigestTarSumV1EmptyTar = "tarsum.v1+sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

-

 	// DigestSha256EmptyTar is the canonical sha256 digest of empty data

 	DigestSha256EmptyTar = "sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

 )

@@ -29,18 +22,21 @@ const (

 //

 // 	sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc

 //

-// More important for this code base, this type is compatible with tarsum

-// digests. For example, the following would be a valid Digest:

-//

-// 	tarsum+sha256:e58fcf7418d4390dec8e8fb69d88c06ec07039d651fedd3aa72af9972e7d046b

-//

 // This allows to abstract the digest behind this type and work only in those

 // terms.

 type Digest string

 // NewDigest returns a Digest from alg and a hash.Hash object.

 func NewDigest(alg Algorithm, h hash.Hash) Digest {

-	return Digest(fmt.Sprintf("%s:%x", alg, h.Sum(nil)))

+	return NewDigestFromBytes(alg, h.Sum(nil))

+}

+

+// NewDigestFromBytes returns a new digest from the byte contents of p.

+// Typically, this can come from hash.Hash.Sum(...) or xxx.SumXXX(...)

+// functions. This is also useful for rebuilding digests from binary

+// serializations.

+func NewDigestFromBytes(alg Algorithm, p []byte) Digest {

+	return Digest(fmt.Sprintf("%s:%x", alg, p))

 }

 // NewDigestFromHex returns a Digest from alg and a the hex encoded digest.

@@ -79,41 +75,15 @@ func FromReader(rd io.Reader) (Digest, error) {

 	return Canonical.FromReader(rd)

 }

-// FromTarArchive produces a tarsum digest from reader rd.

-func FromTarArchive(rd io.Reader) (Digest, error) {

-	ts, err := tarsum.NewTarSum(rd, true, tarsum.Version1)

-	if err != nil {

-		return "", err

-	}

-

-	if _, err := io.Copy(ioutil.Discard, ts); err != nil {

-		return "", err

-	}

-

-	d, err := ParseDigest(ts.Sum(nil))

-	if err != nil {

-		return "", err

-	}

-

-	return d, nil

-}

-

 // FromBytes digests the input and returns a Digest.

-func FromBytes(p []byte) (Digest, error) {

-	return FromReader(bytes.NewReader(p))

+func FromBytes(p []byte) Digest {

+	return Canonical.FromBytes(p)

 }

 // Validate checks that the contents of d is a valid digest, returning an

 // error if not.

 func (d Digest) Validate() error {

 	s := string(d)

-	// Common case will be tarsum

-	_, err := ParseTarSum(s)

-	if err == nil {

-		return nil

-	}

-

-	// Continue on for general parser

 	if !DigestRegexpAnchored.MatchString(s) {

 		return ErrDigestInvalidFormat

@@ -2,6 +2,7 @@ package digest

 import (

 	"crypto"

+	"fmt"

 	"hash"

 	"io"

 )

@@ -13,10 +14,9 @@ type Algorithm string

 // supported digest types

 const (

-	SHA256         Algorithm = "sha256"           // sha256 with hex encoding

-	SHA384         Algorithm = "sha384"           // sha384 with hex encoding

-	SHA512         Algorithm = "sha512"           // sha512 with hex encoding

-	TarsumV1SHA256 Algorithm = "tarsum+v1+sha256" // supported tarsum version, verification only

+	SHA256 Algorithm = "sha256" // sha256 with hex encoding

+	SHA384 Algorithm = "sha384" // sha384 with hex encoding

+	SHA512 Algorithm = "sha512" // sha512 with hex encoding

 	// Canonical is the primary digest algorithm used with the distribution

 	// project. Other digests may be used but this one is the primary storage

@@ -85,11 +85,18 @@ func (a Algorithm) New() Digester {

 	}

 }

-// Hash returns a new hash as used by the algorithm. If not available, nil is

-// returned. Make sure to check Available before calling.

+// Hash returns a new hash as used by the algorithm. If not available, the

+// method will panic. Check Algorithm.Available() before calling.

 func (a Algorithm) Hash() hash.Hash {

 	if !a.Available() {

-		return nil

+		// NOTE(stevvooe): A missing hash is usually a programming error that

+		// must be resolved at compile time. We don't import in the digest

+		// package to allow users to choose their hash implementation (such as

+		// when using stevvooe/resumable or a hardware accelerated package).

+		//

+		// Applications that may want to resolve the hash at runtime should

+		// call Algorithm.Available before call Algorithm.Hash().

+		panic(fmt.Sprintf("%v not available (make sure it is imported)", a))

 	}

 	return algorithms[a].New()

@@ -106,6 +113,22 @@ func (a Algorithm) FromReader(rd io.Reader) (Digest, error) {

 	return digester.Digest(), nil

 }

+// FromBytes digests the input and returns a Digest.

+func (a Algorithm) FromBytes(p []byte) Digest {

+	digester := a.New()

+

+	if _, err := digester.Hash().Write(p); err != nil {

+		// Writes to a Hash should never fail. None of the existing

+		// hash implementations in the stdlib or hashes vendored

+		// here can return errors from Write. Having a panic in this

+		// condition instead of having FromBytes return an error value

+		// avoids unnecessary error handling paths in all callers.

+		panic("write to hash function returned error: " + err.Error())

+	}

+

+	return digester.Digest()

+}

+

 // TODO(stevvooe): Allow resolution of verifiers using the digest type and

 // this registration system.

@@ -1,7 +1,7 @@

 // Package digest provides a generalized type to opaquely represent message

 // digests and their operations within the registry. The Digest type is

 // designed to serve as a flexible identifier in a content-addressable system.

-// More importantly, it provides tools and wrappers to work with tarsums and

+// More importantly, it provides tools and wrappers to work with

 // hash.Hash-based digests with little effort.

 //

 // Basics

@@ -16,17 +16,7 @@

 // 	sha256:7173b809ca12ec5dee4506cd86be934c4596dd234ee82c0662eac04a8c2c71dc

 //

 // In this case, the string "sha256" is the algorithm and the hex bytes are

-// the "digest". A tarsum example will be more illustrative of the use case

-// involved in the registry:

-//

-// 	tarsum+sha256:e58fcf7418d4390dec8e8fb69d88c06ec07039d651fedd3aa72af9972e7d046b

-//

-// For this, we consider the algorithm to be "tarsum+sha256". Prudent

-// applications will favor the ParseDigest function to verify the format over

-// using simple type casts. However, a normal string can be cast as a digest

-// with a simple type conversion:

-//

-// 	Digest("tarsum+sha256:e58fcf7418d4390dec8e8fb69d88c06ec07039d651fedd3aa72af9972e7d046b")

+// the "digest".

 //

 // Because the Digest type is simply a string, once a valid Digest is

 // obtained, comparisons are cheap, quick and simple to express with the

deleted file mode 100644

@@ -1,70 +0,0 @@

-package digest

-

-import (

-	"fmt"

-

-	"regexp"

-)

-

-// TarsumRegexp defines a regular expression to match tarsum identifiers.

-var TarsumRegexp = regexp.MustCompile("tarsum(?:.[a-z0-9]+)?\\+[a-zA-Z0-9]+:[A-Fa-f0-9]+")

-

-// TarsumRegexpCapturing defines a regular expression to match tarsum identifiers with

-// capture groups corresponding to each component.

-var TarsumRegexpCapturing = regexp.MustCompile("(tarsum)(.([a-z0-9]+))?\\+([a-zA-Z0-9]+):([A-Fa-f0-9]+)")

-

-// TarSumInfo contains information about a parsed tarsum.

-type TarSumInfo struct {

-	// Version contains the version of the tarsum.

-	Version string

-

-	// Algorithm contains the algorithm for the final digest

-	Algorithm string

-

-	// Digest contains the hex-encoded digest.

-	Digest string

-}

-

-// InvalidTarSumError provides informations about a TarSum that cannot be parsed

-// by ParseTarSum.

-type InvalidTarSumError string

-

-func (e InvalidTarSumError) Error() string {

-	return fmt.Sprintf("invalid tarsum: %q", string(e))

-}

-

-// ParseTarSum parses a tarsum string into its components of interest. For

-// example, this method may receive the tarsum in the following format:

-//

-//		tarsum.v1+sha256:220a60ecd4a3c32c282622a625a54db9ba0ff55b5ba9c29c7064a2bc358b6a3e

-//

-// The function will return the following:

-//

-//		TarSumInfo{

-//			Version: "v1",

-//			Algorithm: "sha256",

-//			Digest: "220a60ecd4a3c32c282622a625a54db9ba0ff55b5ba9c29c7064a2bc358b6a3e",

-//		}

-//

-func ParseTarSum(tarSum string) (tsi TarSumInfo, err error) {

-	components := TarsumRegexpCapturing.FindStringSubmatch(tarSum)

-

-	if len(components) != 1+TarsumRegexpCapturing.NumSubexp() {

-		return TarSumInfo{}, InvalidTarSumError(tarSum)

-	}

-

-	return TarSumInfo{

-		Version:   components[3],

-		Algorithm: components[4],

-		Digest:    components[5],

-	}, nil

-}

-

-// String returns the valid, string representation of the tarsum info.

-func (tsi TarSumInfo) String() string {

-	if tsi.Version == "" {

-		return fmt.Sprintf("tarsum+%s:%s", tsi.Algorithm, tsi.Digest)

-	}

-

-	return fmt.Sprintf("tarsum.%s+%s:%s", tsi.Version, tsi.Algorithm, tsi.Digest)

-}

@@ -3,9 +3,6 @@ package digest

 import (

 	"hash"

 	"io"

-	"io/ioutil"

-

-	"github.com/docker/docker/pkg/tarsum"

 )

 // Verifier presents a general verification interface to be used with message

@@ -27,70 +24,10 @@ func NewDigestVerifier(d Digest) (Verifier, error) {

 		return nil, err

 	}

-	alg := d.Algorithm()

-	switch alg {

-	case "sha256", "sha384", "sha512":

-		return hashVerifier{

-			hash:   alg.Hash(),

-			digest: d,

-		}, nil

-	default:

-		// Assume we have a tarsum.

-		version, err := tarsum.GetVersionFromTarsum(string(d))

-		if err != nil {

-			return nil, err

-		}

-

-		pr, pw := io.Pipe()

-

-		// TODO(stevvooe): We may actually want to ban the earlier versions of

-		// tarsum. That decision may not be the place of the verifier.

-

-		ts, err := tarsum.NewTarSum(pr, true, version)

-		if err != nil {

-			return nil, err

-		}

-

-		// TODO(sday): Ick! A goroutine per digest verification? We'll have to

-		// get the tarsum library to export an io.Writer variant.

-		go func() {

-			if _, err := io.Copy(ioutil.Discard, ts); err != nil {

-				pr.CloseWithError(err)

-			} else {

-				pr.Close()

-			}

-		}()

-

-		return &tarsumVerifier{

-			digest: d,

-			ts:     ts,

-			pr:     pr,

-			pw:     pw,

-		}, nil

-	}

-}

-

-// NewLengthVerifier returns a verifier that returns true when the number of

-// read bytes equals the expected parameter.

-func NewLengthVerifier(expected int64) Verifier {

-	return &lengthVerifier{

-		expected: expected,

-	}

-}

-

-type lengthVerifier struct {

-	expected int64 // expected bytes read

-	len      int64 // bytes read

-}

-

-func (lv *lengthVerifier) Write(p []byte) (n int, err error) {

-	n = len(p)

-	lv.len += int64(n)

-	return n, err

-}

-

-func (lv *lengthVerifier) Verified() bool {

-	return lv.expected == lv.len

+	return hashVerifier{

+		hash:   d.Algorithm().Hash(),

+		digest: d,

+	}, nil

 }

 type hashVerifier struct {

@@ -105,18 +42,3 @@ func (hv hashVerifier) Write(p []byte) (n int, err error) {

 func (hv hashVerifier) Verified() bool {

 	return hv.digest == NewDigest(hv.digest.Algorithm(), hv.hash)

 }

-

-type tarsumVerifier struct {

-	digest Digest

-	ts     tarsum.TarSum

-	pr     *io.PipeReader

-	pw     *io.PipeWriter

-}

-

-func (tv *tarsumVerifier) Write(p []byte) (n int, err error) {

-	return tv.pw.Write(p)

-}

-

-func (tv *tarsumVerifier) Verified() bool {

-	return tv.digest == Digest(tv.ts.Sum(nil))

-}

@@ -16,6 +16,15 @@ var ErrManifestNotModified = errors.New("manifest not modified")

 // performed

 var ErrUnsupported = errors.New("operation unsupported")

+// ErrTagUnknown is returned if the given tag is not known by the tag service

+type ErrTagUnknown struct {

+	Tag string

+}

+

+func (err ErrTagUnknown) Error() string {

+	return fmt.Sprintf("unknown tag=%s", err.Tag)

+}

+

 // ErrRepositoryUnknown is returned if the named repository is not known by

 // the registry.

 type ErrRepositoryUnknown struct {

new file mode 100644

@@ -0,0 +1,147 @@

+package manifestlist

+

+import (

+	"encoding/json"

+	"errors"

+	"fmt"

+

+	"github.com/docker/distribution"

+	"github.com/docker/distribution/digest"

+	"github.com/docker/distribution/manifest"

+)

+

+// MediaTypeManifestList specifies the mediaType for manifest lists.

+const MediaTypeManifestList = "application/vnd.docker.distribution.manifest.list.v2+json"

+

+// SchemaVersion provides a pre-initialized version structure for this

+// packages version of the manifest.

+var SchemaVersion = manifest.Versioned{

+	SchemaVersion: 2,

+	MediaType:     MediaTypeManifestList,

+}

+

+func init() {

+	manifestListFunc := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) {

+		m := new(DeserializedManifestList)

+		err := m.UnmarshalJSON(b)

+		if err != nil {

+			return nil, distribution.Descriptor{}, err

+		}

+

+		dgst := digest.FromBytes(b)

+		return m, distribution.Descriptor{Digest: dgst, Size: int64(len(b)), MediaType: MediaTypeManifestList}, err

+	}

+	err := distribution.RegisterManifestSchema(MediaTypeManifestList, manifestListFunc)

+	if err != nil {

+		panic(fmt.Sprintf("Unable to register manifest: %s", err))

+	}

+}

+

+// PlatformSpec specifies a platform where a particular image manifest is

+// applicable.

+type PlatformSpec struct {

+	// Architecture field specifies the CPU architecture, for example

+	// `amd64` or `ppc64`.

+	Architecture string `json:"architecture"`

+

+	// OS specifies the operating system, for example `linux` or `windows`.

+	OS string `json:"os"`

+

+	// Variant is an optional field specifying a variant of the CPU, for

+	// example `ppc64le` to specify a little-endian version of a PowerPC CPU.

+	Variant string `json:"variant,omitempty"`

+

+	// Features is an optional field specifuing an array of strings, each

+	// listing a required CPU feature (for example `sse4` or `aes`).

+	Features []string `json:"features,omitempty"`

+}

+

+// A ManifestDescriptor references a platform-specific manifest.

+type ManifestDescriptor struct {

+	distribution.Descriptor

+

+	// Platform specifies which platform the manifest pointed to by the

+	// descriptor runs on.

+	Platform PlatformSpec `json:"platform"`

+}

+

+// ManifestList references manifests for various platforms.

+type ManifestList struct {

+	manifest.Versioned

+

+	// Config references the image configuration as a blob.

+	Manifests []ManifestDescriptor `json:"manifests"`

+}

+

+// References returnes the distribution descriptors for the referenced image

+// manifests.

+func (m ManifestList) References() []distribution.Descriptor {

+	dependencies := make([]distribution.Descriptor, len(m.Manifests))

+	for i := range m.Manifests {

+		dependencies[i] = m.Manifests[i].Descriptor

+	}

+

+	return dependencies

+}

+

+// DeserializedManifestList wraps ManifestList with a copy of the original

+// JSON.

+type DeserializedManifestList struct {

+	ManifestList

+

+	// canonical is the canonical byte representation of the Manifest.

+	canonical []byte

+}

+

+// FromDescriptors takes a slice of descriptors, and returns a

+// DeserializedManifestList which contains the resulting manifest list

+// and its JSON representation.

+func FromDescriptors(descriptors []ManifestDescriptor) (*DeserializedManifestList, error) {

+	m := ManifestList{

+		Versioned: SchemaVersion,

+	}

+

+	m.Manifests = make([]ManifestDescriptor, len(descriptors), len(descriptors))

+	copy(m.Manifests, descriptors)

+

+	deserialized := DeserializedManifestList{

+		ManifestList: m,

+	}

+

+	var err error

+	deserialized.canonical, err = json.MarshalIndent(&m, "", "   ")

+	return &deserialized, err

+}

+

+// UnmarshalJSON populates a new ManifestList struct from JSON data.

+func (m *DeserializedManifestList) UnmarshalJSON(b []byte) error {

+	m.canonical = make([]byte, len(b), len(b))

+	// store manifest list in canonical

+	copy(m.canonical, b)

+

+	// Unmarshal canonical JSON into ManifestList object

+	var manifestList ManifestList

+	if err := json.Unmarshal(m.canonical, &manifestList); err != nil {

+		return err

+	}

+

+	m.ManifestList = manifestList

+

+	return nil

+}

+

+// MarshalJSON returns the contents of canonical. If canonical is empty,

+// marshals the inner contents.

+func (m *DeserializedManifestList) MarshalJSON() ([]byte, error) {

+	if len(m.canonical) > 0 {

+		return m.canonical, nil

+	}

+

+	return nil, errors.New("JSON representation not initialized in DeserializedManifestList")

+}

+

+// Payload returns the raw content of the manifest list. The contents can be

+// used to calculate the content identifier.

+func (m DeserializedManifestList) Payload() (string, []byte, error) {

+	return m.MediaType, m.canonical, nil

+}

new file mode 100644

@@ -0,0 +1,278 @@

+package schema1

+

+import (

+	"crypto/sha512"

+	"encoding/json"

+	"errors"

+	"fmt"

+	"time"

+

+	"github.com/docker/distribution"

+	"github.com/docker/distribution/context"

+	"github.com/docker/libtrust"

+

+	"github.com/docker/distribution/digest"

+	"github.com/docker/distribution/manifest"

+)

+

+type diffID digest.Digest

+

+// gzippedEmptyTar is a gzip-compressed version of an empty tar file

+// (1024 NULL bytes)

+var gzippedEmptyTar = []byte{

+	31, 139, 8, 0, 0, 9, 110, 136, 0, 255, 98, 24, 5, 163, 96, 20, 140, 88,

+	0, 8, 0, 0, 255, 255, 46, 175, 181, 239, 0, 4, 0, 0,

+}

+

+// digestSHA256GzippedEmptyTar is the canonical sha256 digest of

+// gzippedEmptyTar

+const digestSHA256GzippedEmptyTar = digest.Digest("sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4")

+

+// configManifestBuilder is a type for constructing manifests from an image

+// configuration and generic descriptors.

+type configManifestBuilder struct {

+	// bs is a BlobService used to create empty layer tars in the

+	// blob store if necessary.

+	bs distribution.BlobService

+	// pk is the libtrust private key used to sign the final manifest.

+	pk libtrust.PrivateKey

+	// configJSON is configuration supplied when the ManifestBuilder was

+	// created.

+	configJSON []byte

+	// name is the name provided to NewConfigManifestBuilder

+	name string

+	// tag is the tag provided to NewConfigManifestBuilder

+	tag string

+	// descriptors is the set of descriptors referencing the layers.

+	descriptors []distribution.Descriptor

+	// emptyTarDigest is set to a valid digest if an empty tar has been

+	// put in the blob store; otherwise it is empty.

+	emptyTarDigest digest.Digest

+}

+

+// NewConfigManifestBuilder is used to build new manifests for the current

+// schema version from an image configuration and a set of descriptors.

+// It takes a BlobService so that it can add an empty tar to the blob store

+// if the resulting manifest needs empty layers.

+func NewConfigManifestBuilder(bs distribution.BlobService, pk libtrust.PrivateKey, name, tag string, configJSON []byte) distribution.ManifestBuilder {

+	return &configManifestBuilder{

+		bs:         bs,

+		pk:         pk,

+		configJSON: configJSON,

+		name:       name,