@@ -9,7 +9,6 @@ import (

 	"github.com/docker/docker/api/client/lib"

 	"github.com/docker/docker/api/types"

-	"github.com/docker/docker/cliconfig"

 	"github.com/docker/docker/pkg/parsers/filters"

 	"github.com/docker/docker/registry"

 	"github.com/docker/docker/runconfig"

@@ -67,7 +66,7 @@ type apiClient interface {

 	NetworkInspect(networkID string) (types.NetworkResource, error)

 	NetworkList() ([]types.NetworkResource, error)

 	NetworkRemove(networkID string) error

-	RegistryLogin(auth cliconfig.AuthConfig) (types.AuthResponse, error)

+	RegistryLogin(auth types.AuthConfig) (types.AuthResponse, error)

 	ServerVersion() (types.Version, error)

 	VolumeCreate(options types.VolumeCreateRequest) (types.Volume, error)

 	VolumeInspect(volumeID string) (types.Volume, error)

@@ -6,12 +6,11 @@ import (

 	"net/url"

 	"github.com/docker/docker/api/types"

-	"github.com/docker/docker/cliconfig"

 )

 // RegistryLogin authenticates the docker server with a given docker registry.

 // It returns UnauthorizerError when the authentication fails.

-func (cli *Client) RegistryLogin(auth cliconfig.AuthConfig) (types.AuthResponse, error) {

+func (cli *Client) RegistryLogin(auth types.AuthConfig) (types.AuthResponse, error) {

 	resp, err := cli.post("/auth", url.Values{}, auth, nil)

 	if resp != nil && resp.statusCode == http.StatusUnauthorized {

@@ -10,7 +10,6 @@ import (

 	"github.com/docker/docker/api/client/lib"

 	Cli "github.com/docker/docker/cli"

-	"github.com/docker/docker/cliconfig"

 	flag "github.com/docker/docker/pkg/mflag"

 	"github.com/docker/docker/pkg/term"

 	"github.com/docker/docker/registry"

@@ -63,7 +62,7 @@ func (cli *DockerCli) CmdLogin(args ...string) error {

 	authconfig, ok := cli.configFile.AuthConfigs[serverAddress]

 	if !ok {

-		authconfig = cliconfig.AuthConfig{}

+		authconfig = types.AuthConfig{}

 	}

 	if username == "" {

@@ -76,9 +76,9 @@ func (cli *DockerCli) CmdPull(args ...string) error {

 	return cli.imagePullPrivileged(authConfig, distributionRef.String(), "", requestPrivilege)

 }

-func (cli *DockerCli) imagePullPrivileged(authConfig cliconfig.AuthConfig, imageID, tag string, requestPrivilege lib.RequestPrivilegeFunc) error {

+func (cli *DockerCli) imagePullPrivileged(authConfig types.AuthConfig, imageID, tag string, requestPrivilege lib.RequestPrivilegeFunc) error {

-	encodedAuth, err := authConfig.EncodeToBase64()

+	encodedAuth, err := cliconfig.EncodeAuthToBase64(authConfig)

 	if err != nil {

 		return err

 	}

@@ -65,8 +65,8 @@ func (cli *DockerCli) CmdPush(args ...string) error {

 	return cli.imagePushPrivileged(authConfig, ref.Name(), tag, cli.out, requestPrivilege)

 }

-func (cli *DockerCli) imagePushPrivileged(authConfig cliconfig.AuthConfig, imageID, tag string, outputStream io.Writer, requestPrivilege lib.RequestPrivilegeFunc) error {

-	encodedAuth, err := authConfig.EncodeToBase64()

+func (cli *DockerCli) imagePushPrivileged(authConfig types.AuthConfig, imageID, tag string, outputStream io.Writer, requestPrivilege lib.RequestPrivilegeFunc) error {

+	encodedAuth, err := cliconfig.EncodeAuthToBase64(authConfig)

 	if err != nil {

 		return err

 	}

@@ -9,6 +9,7 @@ import (

 	"github.com/docker/docker/api/types"

 	Cli "github.com/docker/docker/cli"

+	"github.com/docker/docker/cliconfig"

 	flag "github.com/docker/docker/pkg/mflag"

 	"github.com/docker/docker/pkg/stringutils"

 	"github.com/docker/docker/registry"

@@ -38,7 +39,7 @@ func (cli *DockerCli) CmdSearch(args ...string) error {

 	authConfig := registry.ResolveAuthConfig(cli.configFile.AuthConfigs, indexInfo)

 	requestPrivilege := cli.registryAuthenticationPrivilegedFunc(indexInfo, "search")

-	encodedAuth, err := authConfig.EncodeToBase64()

+	encodedAuth, err := cliconfig.EncodeAuthToBase64(authConfig)

 	if err != nil {

 		return err

 	}

@@ -97,14 +97,14 @@ func trustServer(index *registry.IndexInfo) (string, error) {

 }

 type simpleCredentialStore struct {

-	auth cliconfig.AuthConfig

+	auth types.AuthConfig

 }

 func (scs simpleCredentialStore) Basic(u *url.URL) (string, string) {

 	return scs.auth.Username, scs.auth.Password

 }

-func (cli *DockerCli) getNotaryRepository(repoInfo *registry.RepositoryInfo, authConfig cliconfig.AuthConfig) (*client.NotaryRepository, error) {

+func (cli *DockerCli) getNotaryRepository(repoInfo *registry.RepositoryInfo, authConfig types.AuthConfig) (*client.NotaryRepository, error) {

 	server, err := trustServer(repoInfo.Index)

 	if err != nil {

 		return nil, err

@@ -279,7 +279,7 @@ func notaryError(err error) error {

 	return err

 }

-func (cli *DockerCli) trustedPull(repoInfo *registry.RepositoryInfo, ref registry.Reference, authConfig cliconfig.AuthConfig, requestPrivilege lib.RequestPrivilegeFunc) error {

+func (cli *DockerCli) trustedPull(repoInfo *registry.RepositoryInfo, ref registry.Reference, authConfig types.AuthConfig, requestPrivilege lib.RequestPrivilegeFunc) error {

 	var refs []target

 	notaryRepo, err := cli.getNotaryRepository(repoInfo, authConfig)

@@ -380,7 +380,7 @@ func targetStream(in io.Writer) (io.WriteCloser, <-chan []target) {

 	return ioutils.NewWriteCloserWrapper(out, w.Close), targetChan

 }

-func (cli *DockerCli) trustedPush(repoInfo *registry.RepositoryInfo, tag string, authConfig cliconfig.AuthConfig, requestPrivilege lib.RequestPrivilegeFunc) error {

+func (cli *DockerCli) trustedPush(repoInfo *registry.RepositoryInfo, tag string, authConfig types.AuthConfig, requestPrivilege lib.RequestPrivilegeFunc) error {

 	streamOut, targetChan := targetStream(cli.out)

 	reqError := cli.imagePushPrivileged(authConfig, repoInfo.LocalName.Name(), tag, streamOut, requestPrivilege)

@@ -1,6 +1,8 @@

 package client

 import (

+	"encoding/base64"

+	"encoding/json"

 	"fmt"

 	"os"

 	gosignal "os/signal"

@@ -15,9 +17,18 @@ import (

 	"github.com/docker/docker/registry"

 )

+// encodeAuthToBase64 serializes the auth configuration as JSON base64 payload

+func encodeAuthToBase64(authConfig AuthConfig) (string, error) {

+	buf, err := json.Marshal(authConfig)

+	if err != nil {

+		return "", err

+	}

+	return base64.URLEncoding.EncodeToString(buf), nil

+}

+

 func (cli *DockerCli) encodeRegistryAuth(index *registry.IndexInfo) (string, error) {

 	authConfig := registry.ResolveAuthConfig(cli.configFile.AuthConfigs, index)

-	return authConfig.EncodeToBase64()

+	return cliconfig.EncodeAuthToBase64(authConfig)

 }

 func (cli *DockerCli) registryAuthenticationPrivilegedFunc(index *registry.IndexInfo, cmdName string) lib.RequestPrivilegeFunc {

@@ -17,7 +17,6 @@ import (

 	"github.com/docker/docker/api/types"

 	"github.com/docker/docker/builder"

 	"github.com/docker/docker/builder/dockerfile"

-	"github.com/docker/docker/cliconfig"

 	"github.com/docker/docker/daemon/daemonbuilder"

 	derr "github.com/docker/docker/errors"

 	"github.com/docker/docker/pkg/archive"

@@ -91,13 +90,13 @@ func (s *router) postImagesCreate(ctx context.Context, w http.ResponseWriter, r

 		message = r.Form.Get("message")

 	)

 	authEncoded := r.Header.Get("X-Registry-Auth")

-	authConfig := &cliconfig.AuthConfig{}

+	authConfig := &types.AuthConfig{}

 	if authEncoded != "" {

 		authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))

 		if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {

 			// for a pull it is not an error if no auth was given

 			// to increase compatibility with the existing api it is defaulting to be empty

-			authConfig = &cliconfig.AuthConfig{}

+			authConfig = &types.AuthConfig{}

 		}

 	}

@@ -195,7 +194,7 @@ func (s *router) postImagesPush(ctx context.Context, w http.ResponseWriter, r *h

 	if err := httputils.ParseForm(r); err != nil {

 		return err

 	}

-	authConfig := &cliconfig.AuthConfig{}

+	authConfig := &types.AuthConfig{}

 	authEncoded := r.Header.Get("X-Registry-Auth")

 	if authEncoded != "" {

@@ -203,7 +202,7 @@ func (s *router) postImagesPush(ctx context.Context, w http.ResponseWriter, r *h

 		authJSON := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))

 		if err := json.NewDecoder(authJSON).Decode(authConfig); err != nil {

 			// to increase compatibility to existing api it is defaulting to be empty

-			authConfig = &cliconfig.AuthConfig{}

+			authConfig = &types.AuthConfig{}

 		}

 	} else {

 		// the old format is supported for compatibility if there was no authConfig header

@@ -303,7 +302,7 @@ func (s *router) getImagesByName(ctx context.Context, w http.ResponseWriter, r *

 func (s *router) postBuild(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {

 	var (

-		authConfigs        = map[string]cliconfig.AuthConfig{}

+		authConfigs        = map[string]types.AuthConfig{}

 		authConfigsEncoded = r.Header.Get("X-Registry-Config")

 		buildConfig        = &dockerfile.Config{}

 	)

@@ -560,7 +559,7 @@ func (s *router) getImagesSearch(ctx context.Context, w http.ResponseWriter, r *

 		return err

 	}

 	var (

-		config      *cliconfig.AuthConfig

+		config      *types.AuthConfig

 		authEncoded = r.Header.Get("X-Registry-Auth")

 		headers     = map[string][]string{}

 	)

@@ -570,7 +569,7 @@ func (s *router) getImagesSearch(ctx context.Context, w http.ResponseWriter, r *

 		if err := json.NewDecoder(authJSON).Decode(&config); err != nil {

 			// for a search it is not an error if no auth was given

 			// to increase compatibility with the existing api it is defaulting to be empty

-			config = &cliconfig.AuthConfig{}

+			config = &types.AuthConfig{}

 		}

 	}

 	for k, v := range r.Header {

@@ -2,7 +2,6 @@ package system

 import (

 	"github.com/docker/docker/api/types"

-	"github.com/docker/docker/cliconfig"

 	"github.com/docker/docker/pkg/jsonmessage"

 	"github.com/docker/docker/pkg/parsers/filters"

 )

@@ -14,5 +13,5 @@ type Backend interface {

 	SystemVersion() types.Version

 	SubscribeToEvents(since, sinceNano int64, ef filters.Args) ([]*jsonmessage.JSONMessage, chan interface{})

 	UnsubscribeFromEvents(chan interface{})

-	AuthenticateToRegistry(authConfig *cliconfig.AuthConfig) (string, error)

+	AuthenticateToRegistry(authConfig *types.AuthConfig) (string, error)

 }

@@ -9,7 +9,6 @@ import (

 	"github.com/docker/docker/api"

 	"github.com/docker/docker/api/server/httputils"

 	"github.com/docker/docker/api/types"

-	"github.com/docker/docker/cliconfig"

 	"github.com/docker/docker/pkg/ioutils"

 	"github.com/docker/docker/pkg/jsonmessage"

 	"github.com/docker/docker/pkg/parsers/filters"

@@ -116,7 +115,7 @@ func (s *systemRouter) getEvents(ctx context.Context, w http.ResponseWriter, r *

 }

 func (s *systemRouter) postAuth(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error {

-	var config *cliconfig.AuthConfig

+	var config *types.AuthConfig

 	err := json.NewDecoder(r.Body).Decode(&config)

 	r.Body.Close()

 	if err != nil {

new file mode 100644

@@ -0,0 +1,11 @@

+package types

+

+// AuthConfig contains authorization information for connecting to a Registry

+type AuthConfig struct {

+	Username      string `json:"username,omitempty"`

+	Password      string `json:"password,omitempty"`

+	Auth          string `json:"auth"`

+	Email         string `json:"email"`

+	ServerAddress string `json:"serveraddress,omitempty"`

+	RegistryToken string `json:"registrytoken,omitempty"`

+}

@@ -5,7 +5,6 @@ import (

 	"io"

 	"net"

-	"github.com/docker/docker/cliconfig"

 	"github.com/docker/docker/pkg/parsers/filters"

 	"github.com/docker/docker/pkg/ulimit"

 	"github.com/docker/docker/runconfig"

@@ -135,7 +134,7 @@ type ImageBuildOptions struct {

 	Dockerfile     string

 	Ulimits        []*ulimit.Ulimit

 	BuildArgs      []string

-	AuthConfigs    map[string]cliconfig.AuthConfig

+	AuthConfigs    map[string]types.AuthConfig

 	Context        io.Reader

 }

@@ -10,6 +10,7 @@ import (

 	"path/filepath"

 	"strings"

+	"github.com/docker/docker/api/types"

 	"github.com/docker/docker/pkg/homedir"

 )

@@ -44,19 +45,9 @@ func SetConfigDir(dir string) {

 	configDir = dir

 }

-// AuthConfig contains authorization information for connecting to a Registry

-type AuthConfig struct {

-	Username      string `json:"username,omitempty"`

-	Password      string `json:"password,omitempty"`

-	Auth          string `json:"auth"`

-	Email         string `json:"email"`

-	ServerAddress string `json:"serveraddress,omitempty"`

-	RegistryToken string `json:"registrytoken,omitempty"`

-}

-

-// EncodeToBase64 serializes the auth configuration as JSON base64 payload

-func (a AuthConfig) EncodeToBase64() (string, error) {

-	buf, err := json.Marshal(a)

+// EncodeAuthToBase64 serializes the auth configuration as JSON base64 payload

+func EncodeAuthToBase64(authConfig AuthConfig) (string, error) {

+	buf, err := json.Marshal(authConfig)

 	if err != nil {

 		return "", err

 	}

@@ -65,16 +56,16 @@ func (a AuthConfig) EncodeToBase64() (string, error) {

 // ConfigFile ~/.docker/config.json file info

 type ConfigFile struct {

-	AuthConfigs map[string]AuthConfig `json:"auths"`

-	HTTPHeaders map[string]string     `json:"HttpHeaders,omitempty"`

-	PsFormat    string                `json:"psFormat,omitempty"`

-	filename    string                // Note: not serialized - for internal use only

+	AuthConfigs map[string]types.AuthConfig `json:"auths"`

+	HTTPHeaders map[string]string           `json:"HttpHeaders,omitempty"`

+	PsFormat    string                      `json:"psFormat,omitempty"`

+	filename    string                      // Note: not serialized - for internal use only

 }

 // NewConfigFile initializes an empty configuration file for the given filename 'fn'

 func NewConfigFile(fn string) *ConfigFile {

 	return &ConfigFile{

-		AuthConfigs: make(map[string]AuthConfig),

+		AuthConfigs: make(map[string]types.AuthConfig),

 		HTTPHeaders: make(map[string]string),

 		filename:    fn,

 	}

@@ -93,7 +84,7 @@ func (configFile *ConfigFile) LegacyLoadFromReader(configData io.Reader) error {

 		if len(arr) < 2 {

 			return fmt.Errorf("The Auth config file is empty")

 		}

-		authConfig := AuthConfig{}

+		authConfig := types.AuthConfig{}

 		origAuth := strings.Split(arr[0], " = ")

 		if len(origAuth) != 2 {

 			return fmt.Errorf("Invalid Auth config file")

@@ -146,7 +137,7 @@ func (configFile *ConfigFile) LoadFromReader(configData io.Reader) error {

 // a non-nested reader

 func LegacyLoadFromReader(configData io.Reader) (*ConfigFile, error) {

 	configFile := ConfigFile{

-		AuthConfigs: make(map[string]AuthConfig),

+		AuthConfigs: make(map[string]types.AuthConfig),

 	}

 	err := configFile.LegacyLoadFromReader(configData)

 	return &configFile, err

@@ -156,7 +147,7 @@ func LegacyLoadFromReader(configData io.Reader) (*ConfigFile, error) {

 // a reader

 func LoadFromReader(configData io.Reader) (*ConfigFile, error) {

 	configFile := ConfigFile{

-		AuthConfigs: make(map[string]AuthConfig),

+		AuthConfigs: make(map[string]types.AuthConfig),

 	}

 	err := configFile.LoadFromReader(configData)

 	return &configFile, err

@@ -171,7 +162,7 @@ func Load(configDir string) (*ConfigFile, error) {

 	}

 	configFile := ConfigFile{

-		AuthConfigs: make(map[string]AuthConfig),

+		AuthConfigs: make(map[string]types.AuthConfig),

 		filename:    filepath.Join(configDir, ConfigFileName),

 	}

@@ -215,7 +206,7 @@ func Load(configDir string) (*ConfigFile, error) {

 // the given writer

 func (configFile *ConfigFile) SaveToWriter(writer io.Writer) error {

 	// Encode sensitive data into a new/temp struct

-	tmpAuthConfigs := make(map[string]AuthConfig, len(configFile.AuthConfigs))

+	tmpAuthConfigs := make(map[string]types.AuthConfig, len(configFile.AuthConfigs))

 	for k, authConfig := range configFile.AuthConfigs {

 		authCopy := authConfig

 		// encode and save the authstring, while blanking out the original fields

@@ -261,7 +252,7 @@ func (configFile *ConfigFile) Filename() string {

 }

 // EncodeAuth creates a base64 encoded string to containing authorization information

-func EncodeAuth(authConfig *AuthConfig) string {

+func EncodeAuth(authConfig *types.AuthConfig) string {

 	authStr := authConfig.Username + ":" + authConfig.Password

 	msg := []byte(authStr)

 	encoded := make([]byte, base64.StdEncoding.EncodedLen(len(msg)))

@@ -22,7 +22,6 @@ import (

 	"github.com/docker/distribution/reference"

 	"github.com/docker/docker/api"

 	"github.com/docker/docker/api/types"

-	"github.com/docker/docker/cliconfig"

 	"github.com/docker/docker/container"

 	"github.com/docker/docker/daemon/events"

 	"github.com/docker/docker/daemon/exec"

@@ -1069,7 +1068,7 @@ func writeDistributionProgress(cancelFunc func(), outStream io.Writer, progressC

 // PullImage initiates a pull operation. image is the repository name to pull, and

 // tag may be either empty, or indicate a specific tag to pull.

-func (daemon *Daemon) PullImage(ref reference.Named, metaHeaders map[string][]string, authConfig *cliconfig.AuthConfig, outStream io.Writer) error {

+func (daemon *Daemon) PullImage(ref reference.Named, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error {

 	// Include a buffer so that slow client connections don't affect

 	// transfer performance.

 	progressChan := make(chan progress.Progress, 100)

@@ -1112,7 +1111,7 @@ func (daemon *Daemon) ExportImage(names []string, outStream io.Writer) error {

 }

 // PushImage initiates a push operation on the repository named localName.

-func (daemon *Daemon) PushImage(ref reference.Named, metaHeaders map[string][]string, authConfig *cliconfig.AuthConfig, outStream io.Writer) error {

+func (daemon *Daemon) PushImage(ref reference.Named, metaHeaders map[string][]string, authConfig *types.AuthConfig, outStream io.Writer) error {

 	// Include a buffer so that slow client connections don't affect

 	// transfer performance.

 	progressChan := make(chan progress.Progress, 100)

@@ -1501,14 +1500,14 @@ func configureVolumes(config *Config, rootUID, rootGID int) (*store.VolumeStore,

 }

 // AuthenticateToRegistry checks the validity of credentials in authConfig

-func (daemon *Daemon) AuthenticateToRegistry(authConfig *cliconfig.AuthConfig) (string, error) {

+func (daemon *Daemon) AuthenticateToRegistry(authConfig *types.AuthConfig) (string, error) {

 	return daemon.RegistryService.Auth(authConfig)

 }

 // SearchRegistryForImages queries the registry for images matching

 // term. authConfig is used to login.

 func (daemon *Daemon) SearchRegistryForImages(term string,

-	authConfig *cliconfig.AuthConfig,

+	authConfig *types.AuthConfig,

 	headers map[string][]string) (*registry.SearchResults, error) {

 	return daemon.RegistryService.Search(term, authConfig, headers)

 }

@@ -30,7 +30,7 @@ import (

 type Docker struct {

 	Daemon      *daemon.Daemon

 	OutOld      io.Writer

-	AuthConfigs map[string]cliconfig.AuthConfig

+	AuthConfigs map[string]types.AuthConfig

 	Archiver    *archive.Archiver

 }

@@ -58,7 +58,7 @@ func (d Docker) Pull(name string) (*image.Image, error) {

 		}

 	}

-	pullRegistryAuth := &cliconfig.AuthConfig{}

+	pullRegistryAuth := &types.AuthConfig{}

 	if len(d.AuthConfigs) > 0 {

 		// The request came with a full auth config file, we prefer to use that

 		repoInfo, err := d.Daemon.RegistryService.ResolveRepository(ref)

@@ -7,7 +7,6 @@ import (

 	"github.com/Sirupsen/logrus"

 	"github.com/docker/distribution/reference"

-	"github.com/docker/docker/cliconfig"

 	"github.com/docker/docker/daemon/events"

 	"github.com/docker/docker/distribution/metadata"

 	"github.com/docker/docker/distribution/xfer"

@@ -25,7 +24,7 @@ type ImagePullConfig struct {

 	MetaHeaders map[string][]string

 	// AuthConfig holds authentication credentials for authenticating with

 	// the registry.

-	AuthConfig *cliconfig.AuthConfig

+	AuthConfig *types.AuthConfig

 	// ProgressOutput is the interface for showing the status of the pull

 	// operation.

 	ProgressOutput progress.Output

@@ -9,7 +9,6 @@ import (

 	"github.com/Sirupsen/logrus"

 	"github.com/docker/distribution/digest"

 	"github.com/docker/distribution/reference"

-	"github.com/docker/docker/cliconfig"

 	"github.com/docker/docker/daemon/events"

 	"github.com/docker/docker/distribution/metadata"

 	"github.com/docker/docker/distribution/xfer"

@@ -29,7 +28,7 @@ type ImagePushConfig struct {

 	MetaHeaders map[string][]string

 	// AuthConfig holds authentication credentials for authenticating with

 	// the registry.

-	AuthConfig *cliconfig.AuthConfig

+	AuthConfig *types.AuthConfig

 	// ProgressOutput is the interface for showing the status of the push

 	// operation.

 	ProgressOutput progress.Output

@@ -17,14 +17,13 @@ import (

 	"github.com/docker/distribution/registry/client"

 	"github.com/docker/distribution/registry/client/auth"

 	"github.com/docker/distribution/registry/client/transport"

-	"github.com/docker/docker/cliconfig"

 	"github.com/docker/docker/distribution/xfer"

 	"github.com/docker/docker/registry"

 	"golang.org/x/net/context"

 )

 type dumbCredentialStore struct {

-	auth *cliconfig.AuthConfig

+	auth *types.AuthConfig

 }

 func (dcs dumbCredentialStore) Basic(*url.URL) (string, string) {

@@ -34,7 +33,7 @@ func (dcs dumbCredentialStore) Basic(*url.URL) (string, string) {

 // NewV2Repository returns a repository (v2 only). It creates a HTTP transport

 // providing timeout settings and authentication support, and also verifies the

 // remote API version.

-func NewV2Repository(repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint, metaHeaders http.Header, authConfig *cliconfig.AuthConfig, actions ...string) (distribution.Repository, error) {

+func NewV2Repository(repoInfo *registry.RepositoryInfo, endpoint registry.APIEndpoint, metaHeaders http.Header, authConfig *types.AuthConfig, actions ...string) (distribution.Repository, error) {

 	ctx := context.Background()

 	repoName := repoInfo.CanonicalName

@@ -10,14 +10,13 @@ import (

 	"github.com/Sirupsen/logrus"

 	"github.com/docker/distribution/reference"

 	"github.com/docker/distribution/registry/client/auth"

-	"github.com/docker/docker/cliconfig"

 	"github.com/docker/docker/registry"

 	"github.com/docker/docker/utils"

 	"golang.org/x/net/context"

 )

 func TestTokenPassThru(t *testing.T) {

-	authConfig := &cliconfig.AuthConfig{

+	authConfig := &types.AuthConfig{

 		RegistryToken: "mysecrettoken",

 	}

 	gotToken := false

@@ -12,7 +12,7 @@ import (

 )

 // Login tries to register/login to the registry server.

-func Login(authConfig *cliconfig.AuthConfig, registryEndpoint *Endpoint) (string, error) {

+func Login(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string, error) {

 	// Separates the v2 registry login logic from the v1 logic.

 	if registryEndpoint.Version == APIVersion2 {

 		return loginV2(authConfig, registryEndpoint, "" /* scope */)

@@ -21,7 +21,7 @@ func Login(authConfig *cliconfig.AuthConfig, registryEndpoint *Endpoint) (string

 }

 // loginV1 tries to register/login to the v1 registry server.

-func loginV1(authConfig *cliconfig.AuthConfig, registryEndpoint *Endpoint) (string, error) {

+func loginV1(authConfig *types.AuthConfig, registryEndpoint *Endpoint) (string, error) {

 	var (

 		status         string

 		respBody       []byte

@@ -136,7 +136,7 @@ func loginV1(authConfig *cliconfig.AuthConfig, registryEndpoint *Endpoint) (stri

 // now, users should create their account through other means like directly from a web page

 // served by the v2 registry service provider. Whether this will be supported in the future

 // is to be determined.

-func loginV2(authConfig *cliconfig.AuthConfig, registryEndpoint *Endpoint, scope string) (string, error) {

+func loginV2(authConfig *types.AuthConfig, registryEndpoint *Endpoint, scope string) (string, error) {

 	logrus.Debugf("attempting v2 login to registry endpoint %s", registryEndpoint)

 	var (

 		err       error

@@ -173,7 +173,7 @@ func loginV2(authConfig *cliconfig.AuthConfig, registryEndpoint *Endpoint, scope

 	return "", fmt.Errorf("no successful auth challenge for %s - errors: %s", registryEndpoint, allErrors)

 }

-func tryV2BasicAuthLogin(authConfig *cliconfig.AuthConfig, params map[string]string, registryEndpoint *Endpoint) error {

+func tryV2BasicAuthLogin(authConfig *types.AuthConfig, params map[string]string, registryEndpoint *Endpoint) error {

 	req, err := http.NewRequest("GET", registryEndpoint.Path(""), nil)

 	if err != nil {

 		return err

@@ -194,7 +194,7 @@ func tryV2BasicAuthLogin(authConfig *cliconfig.AuthConfig, params map[string]str

 	return nil

 }

-func tryV2TokenAuthLogin(authConfig *cliconfig.AuthConfig, params map[string]string, registryEndpoint *Endpoint) error {

+func tryV2TokenAuthLogin(authConfig *types.AuthConfig, params map[string]string, registryEndpoint *Endpoint) error {

 	token, err := getToken(authConfig.Username, authConfig.Password, params, registryEndpoint)

 	if err != nil {

 		return err

@@ -221,7 +221,7 @@ func tryV2TokenAuthLogin(authConfig *cliconfig.AuthConfig, params map[string]str

 }

 // ResolveAuthConfig matches an auth configuration to a server address or a URL

-func ResolveAuthConfig(authConfigs map[string]cliconfig.AuthConfig, index *IndexInfo) cliconfig.AuthConfig {

+func ResolveAuthConfig(authConfigs map[string]types.AuthConfig, index *IndexInfo) types.AuthConfig {

 	configKey := index.GetAuthConfigKey()

 	// First try the happy case

 	if c, found := authConfigs[configKey]; found || index.Official {

@@ -250,5 +250,5 @@ func ResolveAuthConfig(authConfigs map[string]cliconfig.AuthConfig, index *Index

 	}

 	// When all else fails, return an empty auth config

-	return cliconfig.AuthConfig{}

+	return types.AuthConfig{}

 }

@@ -7,9 +7,9 @@ import (

 )

 func TestEncodeAuth(t *testing.T) {

-	newAuthConfig := &cliconfig.AuthConfig{Username: "ken", Password: "test", Email: "test@example.com"}

+	newAuthConfig := &types.AuthConfig{Username: "ken", Password: "test", Email: "test@example.com"}

 	authStr := cliconfig.EncodeAuth(newAuthConfig)

-	decAuthConfig := &cliconfig.AuthConfig{}

+	decAuthConfig := &types.AuthConfig{}

 	var err error

 	decAuthConfig.Username, decAuthConfig.Password, err = cliconfig.DecodeAuth(authStr)

 	if err != nil {

@@ -30,7 +30,7 @@ func buildAuthConfigs() map[string]cliconfig.AuthConfig {

 	authConfigs := map[string]cliconfig.AuthConfig{}

 	for _, registry := range []string{"testIndex", IndexServer} {

-		authConfigs[registry] = cliconfig.AuthConfig{

+		authConfigs[registry] = types.AuthConfig{

 			Username: "docker-user",

 			Password: "docker-pass",

 			Email:    "docker@docker.io",

@@ -78,24 +78,24 @@ func TestResolveAuthConfigIndexServer(t *testing.T) {

 func TestResolveAuthConfigFullURL(t *testing.T) {

 	authConfigs := buildAuthConfigs()

-	registryAuth := cliconfig.AuthConfig{

+	registryAuth := types.AuthConfig{

 		Username: "foo-user",

 		Password: "foo-pass",

 		Email:    "foo@example.com",

 	}

-	localAuth := cliconfig.AuthConfig{

+	localAuth := types.AuthConfig{

 		Username: "bar-user",

 		Password: "bar-pass",

 		Email:    "bar@example.com",

 	}

-	officialAuth := cliconfig.AuthConfig{

+	officialAuth := types.AuthConfig{

 		Username: "baz-user",

 		Password: "baz-pass",

 		Email:    "baz@example.com",

 	}

 	authConfigs[IndexServer] = officialAuth

-	expectedAuths := map[string]cliconfig.AuthConfig{

+	expectedAuths := map[string]types.AuthConfig{

 		"registry.example.com": registryAuth,

 		"localhost:8000":       localAuth,

 		"registry.com":         localAuth,

@@ -10,7 +10,6 @@ import (

 	"github.com/docker/distribution/reference"

 	"github.com/docker/distribution/registry/client/transport"

-	"github.com/docker/docker/cliconfig"

 )

 var (

@@ -23,7 +22,7 @@ const (

 )

 func spawnTestRegistrySession(t *testing.T) *Session {

-	authConfig := &cliconfig.AuthConfig{}

+	authConfig := &types.AuthConfig{}

 	endpoint, err := NewEndpoint(makeIndex("/v1/"), nil, APIVersionUnknown)

 	if err != nil {

 		t.Fatal(err)

@@ -8,7 +8,6 @@ import (

 	"github.com/docker/distribution/reference"

 	"github.com/docker/distribution/registry/client/auth"

-	"github.com/docker/docker/cliconfig"

 )

 // Service is a registry service. It tracks configuration data such as a list

@@ -28,7 +27,7 @@ func NewService(options *Options) *Service {

 // Auth contacts the public registry with the provided credentials,

 // and returns OK if authentication was successful.

 // It can be used to verify the validity of a client's credentials.

-func (s *Service) Auth(authConfig *cliconfig.AuthConfig) (string, error) {

+func (s *Service) Auth(authConfig *types.AuthConfig) (string, error) {

 	addr := authConfig.ServerAddress

 	if addr == "" {

 		// Use the official registry address if not specified.

@@ -72,7 +71,7 @@ func splitReposSearchTerm(reposName string) (string, string) {

 // Search queries the public registry for images matching the specified

 // search terms, and returns the results.

-func (s *Service) Search(term string, authConfig *cliconfig.AuthConfig, headers map[string][]string) (*SearchResults, error) {

+func (s *Service) Search(term string, authConfig *types.AuthConfig, headers map[string][]string) (*SearchResults, error) {

 	if err := validateNoSchema(term); err != nil {

 		return nil, err

 	}

@@ -20,7 +20,6 @@ import (

 	"github.com/Sirupsen/logrus"

 	"github.com/docker/distribution/reference"

-	"github.com/docker/docker/cliconfig"

 	"github.com/docker/docker/pkg/httputils"

 	"github.com/docker/docker/pkg/ioutils"

 	"github.com/docker/docker/pkg/stringid"

@@ -39,13 +38,13 @@ type Session struct {

 	indexEndpoint *Endpoint

 	client        *http.Client

 	// TODO(tiborvass): remove authConfig

-	authConfig *cliconfig.AuthConfig

+	authConfig *types.AuthConfig

 	id         string

 }

 type authTransport struct {

 	http.RoundTripper

-	*cliconfig.AuthConfig

+	*types.AuthConfig

 	alwaysSetBasicAuth bool

 	token              []string

@@ -67,7 +66,7 @@ type authTransport struct {

 // If the server sends a token without the client having requested it, it is ignored.

 //

 // This RoundTripper also has a CancelRequest method important for correct timeout handling.

-func AuthTransport(base http.RoundTripper, authConfig *cliconfig.AuthConfig, alwaysSetBasicAuth bool) http.RoundTripper {

+func AuthTransport(base http.RoundTripper, authConfig *types.AuthConfig, alwaysSetBasicAuth bool) http.RoundTripper {

 	if base == nil {

 		base = http.DefaultTransport

 	}

@@ -162,7 +161,7 @@ func (tr *authTransport) CancelRequest(req *http.Request) {

 // NewSession creates a new session

 // TODO(tiborvass): remove authConfig param once registry client v2 is vendored

-func NewSession(client *http.Client, authConfig *cliconfig.AuthConfig, endpoint *Endpoint) (r *Session, err error) {

+func NewSession(client *http.Client, authConfig *types.AuthConfig, endpoint *Endpoint) (r *Session, err error) {

 	r = &Session{

 		authConfig:    authConfig,

 		client:        client,

@@ -743,12 +742,12 @@ func (r *Session) SearchRepositories(term string) (*SearchResults, error) {

 // GetAuthConfig returns the authentication settings for a session

 // TODO(tiborvass): remove this once registry client v2 is vendored

-func (r *Session) GetAuthConfig(withPasswd bool) *cliconfig.AuthConfig {

+func (r *Session) GetAuthConfig(withPasswd bool) *types.AuthConfig {

 	password := ""

 	if withPasswd {

 		password = r.authConfig.Password

 	}

-	return &cliconfig.AuthConfig{

+	return &types.AuthConfig{

 		Username: r.authConfig.Username,

 		Password: password,

 		Email:    r.authConfig.Email,