@@ -18,7 +18,7 @@ type execBackend interface {

 	ContainerExecCreate(name string, config *types.ExecConfig) (string, error)

 	ContainerExecInspect(id string) (*backend.ExecInspect, error)

 	ContainerExecResize(name string, height, width int) error

-	ContainerExecStart(ctx context.Context, name string, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer) error

+	ContainerExecStart(ctx context.Context, name string, stdin io.Reader, stdout io.Writer, stderr io.Writer) error

 	ExecExists(name string) (bool, error)

 }

@@ -2,6 +2,7 @@ package swarm

 import (

 	"fmt"

+	"io"

 	"net/http"

 	"github.com/docker/docker/api/server/httputils"

@@ -12,7 +13,7 @@ import (

 // swarmLogs takes an http response, request, and selector, and writes the logs

 // specified by the selector to the response

-func (sr *swarmRouter) swarmLogs(ctx context.Context, w http.ResponseWriter, r *http.Request, selector *backend.LogSelector) error {

+func (sr *swarmRouter) swarmLogs(ctx context.Context, w io.Writer, r *http.Request, selector *backend.LogSelector) error {

 	// Args are validated before the stream starts because when it starts we're

 	// sending HTTP 200 by writing an empty chunk of data to tell the client that

 	// daemon is going to stream. By sending this initial HTTP 200 we can't report

@@ -110,7 +110,7 @@ func GetWithStatusError(address string) (resp *http.Response, err error) {

 //    - an io.Reader for the response body

 //    - an error value which will be non-nil either when something goes wrong while

 //      reading bytes from r or when the detected content-type is not acceptable.

-func inspectResponse(ct string, r io.ReadCloser, clen int64) (string, io.ReadCloser, error) {

+func inspectResponse(ct string, r io.Reader, clen int64) (string, io.ReadCloser, error) {

 	plen := clen

 	if plen <= 0 || plen > maxPreambleLength {

 		plen = maxPreambleLength

@@ -119,10 +119,10 @@ func inspectResponse(ct string, r io.ReadCloser, clen int64) (string, io.ReadClo

 	preamble := make([]byte, plen, plen)

 	rlen, err := r.Read(preamble)

 	if rlen == 0 {

-		return ct, r, errors.New("empty response")

+		return ct, ioutil.NopCloser(r), errors.New("empty response")

 	}

 	if err != nil && err != io.EOF {

-		return ct, r, err

+		return ct, ioutil.NopCloser(r), err

 	}

 	preambleR := bytes.NewReader(preamble[:rlen])

@@ -7,7 +7,7 @@ import (

 	"github.com/docker/distribution/reference"

 	"github.com/docker/docker/api/types"

 	"github.com/docker/docker/api/types/swarm"

-	"github.com/opencontainers/go-digest"

+	digest "github.com/opencontainers/go-digest"

 	"github.com/pkg/errors"

 	"golang.org/x/net/context"

 )

@@ -85,7 +85,7 @@ func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec,

 	return response, err

 }

-func imageDigestAndPlatforms(ctx context.Context, cli *Client, image, encodedAuth string) (string, []swarm.Platform, error) {

+func imageDigestAndPlatforms(ctx context.Context, cli DistributionAPIClient, image, encodedAuth string) (string, []swarm.Platform, error) {

 	distributionInspect, err := cli.DistributionInspect(ctx, image, encodedAuth)

 	imageWithDigest := image

 	var platforms []swarm.Platform

@@ -539,7 +539,7 @@ func initRouter(opts routerOptions) {

 }

 // TODO: remove this from cli and return the authzMiddleware

-func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config, pluginStore *plugin.Store) error {

+func (cli *DaemonCli) initMiddlewares(s *apiserver.Server, cfg *apiserver.Config, pluginStore plugingetter.PluginGetter) error {

 	v := cfg.Version

 	exp := middleware.NewExperimentalMiddleware(cli.Config.Experimental)

@@ -655,8 +655,12 @@ func (container *Container) BuildEndpointInfo(n libnetwork.Network, ep libnetwor

 	return nil

 }

+type named interface {

+	Name() string

+}

+

 // UpdateJoinInfo updates network settings when container joins network n with endpoint ep.

-func (container *Container) UpdateJoinInfo(n libnetwork.Network, ep libnetwork.Endpoint) error {

+func (container *Container) UpdateJoinInfo(n named, ep libnetwork.Endpoint) error {

 	if err := container.buildPortMapInfo(ep); err != nil {

 		return err

 	}

@@ -684,7 +688,7 @@ func (container *Container) UpdateSandboxNetworkSettings(sb libnetwork.Sandbox)

 }

 // BuildJoinOptions builds endpoint Join options from a given network.

-func (container *Container) BuildJoinOptions(n libnetwork.Network) ([]libnetwork.EndpointOption, error) {

+func (container *Container) BuildJoinOptions(n named) ([]libnetwork.EndpointOption, error) {

 	var joinOptions []libnetwork.EndpointOption

 	if epConfig, ok := container.NetworkSettings.Networks[n.Name()]; ok {

 		for _, str := range epConfig.Links {

@@ -142,7 +142,7 @@ func (d *Daemon) ContainerExecCreate(name string, config *types.ExecConfig) (str

 // ContainerExecStart starts a previously set up exec instance. The

 // std streams are set up.

 // If ctx is cancelled, the process is terminated.

-func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.ReadCloser, stdout io.Writer, stderr io.Writer) (err error) {

+func (d *Daemon) ContainerExecStart(ctx context.Context, name string, stdin io.Reader, stdout io.Writer, stderr io.Writer) (err error) {

 	var (

 		cStdin           io.ReadCloser

 		cStdout, cStderr io.Writer

@@ -28,7 +28,7 @@ import (

 	"github.com/docker/docker/pkg/system"

 	refstore "github.com/docker/docker/reference"

 	"github.com/docker/docker/registry"

-	"github.com/opencontainers/go-digest"

+	digest "github.com/opencontainers/go-digest"

 	"github.com/pkg/errors"

 	"github.com/sirupsen/logrus"

 	"golang.org/x/net/context"

@@ -435,7 +435,7 @@ func (p *v2Puller) pullV2Tag(ctx context.Context, ref reference.Named) (tagUpdat

 	return true, nil

 }

-func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Named, unverifiedManifest *schema1.SignedManifest) (id digest.Digest, manifestDigest digest.Digest, err error) {

+func (p *v2Puller) pullSchema1(ctx context.Context, ref reference.Reference, unverifiedManifest *schema1.SignedManifest) (id digest.Digest, manifestDigest digest.Digest, err error) {

 	var verifiedManifest *schema1.Manifest

 	verifiedManifest, err = verifySchema1Manifest(unverifiedManifest, ref)

 	if err != nil {

@@ -838,7 +838,7 @@ func allowV1Fallback(err error) error {

 	return err

 }

-func verifySchema1Manifest(signedManifest *schema1.SignedManifest, ref reference.Named) (m *schema1.Manifest, err error) {

+func verifySchema1Manifest(signedManifest *schema1.SignedManifest, ref reference.Reference) (m *schema1.Manifest, err error) {

 	// If pull by digest, then verify the manifest digest. NOTE: It is

 	// important to do this first, before any other content validation. If the

 	// digest cannot be verified, don't even bother with those other things.

@@ -24,7 +24,7 @@ import (

 	"github.com/docker/docker/pkg/progress"

 	"github.com/docker/docker/pkg/stringid"

 	"github.com/docker/docker/registry"

-	"github.com/opencontainers/go-digest"

+	digest "github.com/opencontainers/go-digest"

 	"github.com/sirupsen/logrus"

 )

@@ -651,6 +651,7 @@ func (bla byLikeness) Swap(i, j int) {

 }

 func (bla byLikeness) Len() int { return len(bla.arr) }

+// nolint: interfacer

 func sortV2MetadataByLikenessAndAge(repoInfo reference.Named, hmacKey []byte, marr []metadata.V2Metadata) {

 	// reverse the metadata array to shift the newest entries to the beginning

 	for i := 0; i < len(marr)/2; i++ {

@@ -14,6 +14,7 @@

     "gofmt",

     "goimports",

     "golint",

+    "interfacer",

     "vet"

   ],

@@ -23,7 +23,7 @@ import (

 	"github.com/docker/docker/pkg/stringid"

 	"github.com/docker/docker/pkg/symlink"

 	"github.com/docker/docker/pkg/system"

-	"github.com/opencontainers/go-digest"

+	digest "github.com/opencontainers/go-digest"

 	"github.com/sirupsen/logrus"

 )

@@ -212,15 +212,12 @@ func (l *tarexporter) loadLayer(filename string, rootFS image.RootFS, id string,

 	return l.ls.Register(inflatedLayerData, rootFS.ChainID(), platform)

 }

-func (l *tarexporter) setLoadedTag(ref reference.NamedTagged, imgID digest.Digest, outStream io.Writer) error {

+func (l *tarexporter) setLoadedTag(ref reference.Named, imgID digest.Digest, outStream io.Writer) error {

 	if prevID, err := l.rs.Get(ref); err == nil && prevID != imgID {

 		fmt.Fprintf(outStream, "The image %s already exists, renaming the old one with ID %s to empty string\n", reference.FamiliarString(ref), string(prevID)) // todo: this message is wrong in case of multiple tags

 	}

-	if err := l.rs.AddTag(ref, imgID, true); err != nil {

-		return err

-	}

-	return nil

+	return l.rs.AddTag(ref, imgID, true)

 }

 func (l *tarexporter) legacyLoad(tmpDir string, outStream io.Writer, progressOutput progress.Output) error {

@@ -247,6 +247,7 @@ func (err PingResponseError) Error() string {

 // challenge manager for the supported authentication types and

 // whether v2 was confirmed by the response. If a response is received but

 // cannot be interpreted a PingResponseError will be returned.

+// nolint: interfacer

 func PingV2Registry(endpoint *url.URL, transport http.RoundTripper) (challenge.Manager, bool, error) {

 	var (

 		foundV2   = false