@@ -8,7 +8,6 @@ import (

 	"errors"

 	"fmt"

 	"github.com/dotcloud/docker/archive"

-	"github.com/dotcloud/docker/auth"

 	"github.com/dotcloud/docker/dockerversion"

 	"github.com/dotcloud/docker/engine"

 	"github.com/dotcloud/docker/nat"

@@ -229,7 +228,7 @@ func (cli *DockerCli) CmdBuild(args ...string) error {

 // 'docker login': login / register a user to registry service.

 func (cli *DockerCli) CmdLogin(args ...string) error {

-	cmd := cli.Subcmd("login", "[OPTIONS] [SERVER]", "Register or Login to a docker registry server, if no server is specified \""+auth.IndexServerAddress()+"\" is the default.")

+	cmd := cli.Subcmd("login", "[OPTIONS] [SERVER]", "Register or Login to a docker registry server, if no server is specified \""+registry.IndexServerAddress()+"\" is the default.")

 	var username, password, email string

@@ -240,7 +239,7 @@ func (cli *DockerCli) CmdLogin(args ...string) error {

 	if err != nil {

 		return nil

 	}

-	serverAddress := auth.IndexServerAddress()

+	serverAddress := registry.IndexServerAddress()

 	if len(cmd.Args()) > 0 {

 		serverAddress = cmd.Arg(0)

 	}

@@ -266,7 +265,7 @@ func (cli *DockerCli) CmdLogin(args ...string) error {

 	cli.LoadConfigFile()

 	authconfig, ok := cli.configFile.Configs[serverAddress]

 	if !ok {

-		authconfig = auth.AuthConfig{}

+		authconfig = registry.AuthConfig{}

 	}

 	if username == "" {

@@ -311,7 +310,7 @@ func (cli *DockerCli) CmdLogin(args ...string) error {

 	stream, statusCode, err := cli.call("POST", "/auth", cli.configFile.Configs[serverAddress], false)

 	if statusCode == 401 {

 		delete(cli.configFile.Configs, serverAddress)

-		auth.SaveConfig(cli.configFile)

+		registry.SaveConfig(cli.configFile)

 		return err

 	}

 	if err != nil {

@@ -320,10 +319,10 @@ func (cli *DockerCli) CmdLogin(args ...string) error {

 	var out2 engine.Env

 	err = out2.Decode(stream)

 	if err != nil {

-		cli.configFile, _ = auth.LoadConfig(os.Getenv("HOME"))

+		cli.configFile, _ = registry.LoadConfig(os.Getenv("HOME"))

 		return err

 	}

-	auth.SaveConfig(cli.configFile)

+	registry.SaveConfig(cli.configFile)

 	if out2.Get("Status") != "" {

 		fmt.Fprintf(cli.out, "%s\n", out2.Get("Status"))

 	}

@@ -1008,7 +1007,7 @@ func (cli *DockerCli) CmdPush(args ...string) error {

 	// Custom repositories can have different rules, and we must also

 	// allow pushing by image ID.

 	if len(strings.SplitN(name, "/", 2)) == 1 {

-		username := cli.configFile.Configs[auth.IndexServerAddress()].Username

+		username := cli.configFile.Configs[registry.IndexServerAddress()].Username

 		if username == "" {

 			username = "<user>"

 		}

@@ -1016,7 +1015,7 @@ func (cli *DockerCli) CmdPush(args ...string) error {

 	}

 	v := url.Values{}

-	push := func(authConfig auth.AuthConfig) error {

+	push := func(authConfig registry.AuthConfig) error {

 		buf, err := json.Marshal(authConfig)

 		if err != nil {

 			return err

@@ -1075,7 +1074,7 @@ func (cli *DockerCli) CmdPull(args ...string) error {

 	v.Set("fromImage", remote)

 	v.Set("tag", *tag)

-	pull := func(authConfig auth.AuthConfig) error {

+	pull := func(authConfig registry.AuthConfig) error {

 		buf, err := json.Marshal(authConfig)

 		if err != nil {

 			return err

@@ -2058,8 +2057,8 @@ func (cli *DockerCli) call(method, path string, data interface{}, passAuthInfo b

 	if passAuthInfo {

 		cli.LoadConfigFile()

 		// Resolve the Auth config relevant for this server

-		authConfig := cli.configFile.ResolveAuthConfig(auth.IndexServerAddress())

-		getHeaders := func(authConfig auth.AuthConfig) (map[string][]string, error) {

+		authConfig := cli.configFile.ResolveAuthConfig(registry.IndexServerAddress())

+		getHeaders := func(authConfig registry.AuthConfig) (map[string][]string, error) {

 			buf, err := json.Marshal(authConfig)

 			if err != nil {

 				return nil, err

@@ -2340,7 +2339,7 @@ func (cli *DockerCli) Subcmd(name, signature, description string) *flag.FlagSet

 }

 func (cli *DockerCli) LoadConfigFile() (err error) {

-	cli.configFile, err = auth.LoadConfig(os.Getenv("HOME"))

+	cli.configFile, err = registry.LoadConfig(os.Getenv("HOME"))

 	if err != nil {

 		fmt.Fprintf(cli.err, "WARNING: %s\n", err)

 	}

@@ -2422,7 +2421,7 @@ func NewDockerCli(in io.ReadCloser, out, err io.Writer, proto, addr string) *Doc

 type DockerCli struct {

 	proto      string

 	addr       string

-	configFile *auth.ConfigFile

+	configFile *registry.ConfigFile

 	in         io.ReadCloser

 	out        io.Writer

 	err        io.Writer

@@ -8,12 +8,12 @@ import (

 	"encoding/json"

 	"expvar"

 	"fmt"

-	"github.com/dotcloud/docker/auth"

 	"github.com/dotcloud/docker/engine"

 	"github.com/dotcloud/docker/pkg/listenbuffer"

 	"github.com/dotcloud/docker/pkg/systemd"

 	"github.com/dotcloud/docker/pkg/user"

 	"github.com/dotcloud/docker/pkg/version"

+	"github.com/dotcloud/docker/registry"

 	"github.com/dotcloud/docker/utils"

 	"github.com/gorilla/mux"

 	"io"

@@ -381,13 +381,13 @@ func postImagesCreate(eng *engine.Engine, version version.Version, w http.Respon

 		job   *engine.Job

 	)

 	authEncoded := r.Header.Get("X-Registry-Auth")

-	authConfig := &auth.AuthConfig{}

+	authConfig := &registry.AuthConfig{}

 	if authEncoded != "" {

 		authJson := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))

 		if err := json.NewDecoder(authJson).Decode(authConfig); err != nil {

 			// for a pull it is not an error if no auth was given

 			// to increase compatibility with the existing api it is defaulting to be empty

-			authConfig = &auth.AuthConfig{}

+			authConfig = &registry.AuthConfig{}

 		}

 	}

 	if image != "" { //pull

@@ -429,7 +429,7 @@ func getImagesSearch(eng *engine.Engine, version version.Version, w http.Respons

 	}

 	var (

 		authEncoded = r.Header.Get("X-Registry-Auth")

-		authConfig  = &auth.AuthConfig{}

+		authConfig  = &registry.AuthConfig{}

 		metaHeaders = map[string][]string{}

 	)

@@ -438,7 +438,7 @@ func getImagesSearch(eng *engine.Engine, version version.Version, w http.Respons

 		if err := json.NewDecoder(authJson).Decode(authConfig); err != nil {

 			// for a search it is not an error if no auth was given

 			// to increase compatibility with the existing api it is defaulting to be empty

-			authConfig = &auth.AuthConfig{}

+			authConfig = &registry.AuthConfig{}

 		}

 	}

 	for k, v := range r.Header {

@@ -494,7 +494,7 @@ func postImagesPush(eng *engine.Engine, version version.Version, w http.Response

 	if err := parseForm(r); err != nil {

 		return err

 	}

-	authConfig := &auth.AuthConfig{}

+	authConfig := &registry.AuthConfig{}

 	authEncoded := r.Header.Get("X-Registry-Auth")

 	if authEncoded != "" {

@@ -502,7 +502,7 @@ func postImagesPush(eng *engine.Engine, version version.Version, w http.Response

 		authJson := base64.NewDecoder(base64.URLEncoding, strings.NewReader(authEncoded))

 		if err := json.NewDecoder(authJson).Decode(authConfig); err != nil {

 			// to increase compatibility to existing api it is defaulting to be empty

-			authConfig = &auth.AuthConfig{}

+			authConfig = &registry.AuthConfig{}

 		}

 	} else {

 		// the old format is supported for compatibility if there was no authConfig header

@@ -823,9 +823,9 @@ func postBuild(eng *engine.Engine, version version.Version, w http.ResponseWrite

 	}

 	var (

 		authEncoded       = r.Header.Get("X-Registry-Auth")

-		authConfig        = &auth.AuthConfig{}

+		authConfig        = &registry.AuthConfig{}

 		configFileEncoded = r.Header.Get("X-Registry-Config")

-		configFile        = &auth.ConfigFile{}

+		configFile        = &registry.ConfigFile{}

 		job               = eng.Job("build")

 	)

@@ -838,7 +838,7 @@ func postBuild(eng *engine.Engine, version version.Version, w http.ResponseWrite

 		if err := json.NewDecoder(authJson).Decode(authConfig); err != nil {

 			// for a pull it is not an error if no auth was given

 			// to increase compatibility with the existing api it is defaulting to be empty

-			authConfig = &auth.AuthConfig{}

+			authConfig = &registry.AuthConfig{}

 		}

 	}

@@ -847,7 +847,7 @@ func postBuild(eng *engine.Engine, version version.Version, w http.ResponseWrite

 		if err := json.NewDecoder(configFileJson).Decode(configFile); err != nil {

 			// for a pull it is not an error if no auth was given

 			// to increase compatibility with the existing api it is defaulting to be empty

-			configFile = &auth.ConfigFile{}

+			configFile = &registry.ConfigFile{}

 		}

 	}

deleted file mode 100644

@@ -1,3 +0,0 @@

-Sam Alba <sam@dotcloud.com> (@samalba)

-Joffrey Fuhrer <joffrey@dotcloud.com> (@shin-)

-Ken Cochrane <ken@dotcloud.com> (@kencochrane)

deleted file mode 100644

@@ -1,290 +0,0 @@

-package auth

-

-import (

-	"encoding/base64"

-	"encoding/json"

-	"errors"

-	"fmt"

-	"github.com/dotcloud/docker/utils"

-	"io/ioutil"

-	"net/http"

-	"os"

-	"path"

-	"strings"

-)

-

-// Where we store the config file

-const CONFIGFILE = ".dockercfg"

-

-// Only used for user auth + account creation

-const INDEXSERVER = "https://index.docker.io/v1/"

-

-//const INDEXSERVER = "https://indexstaging-docker.dotcloud.com/v1/"

-

-var (

-	ErrConfigFileMissing = errors.New("The Auth config file is missing")

-)

-

-type AuthConfig struct {

-	Username      string `json:"username,omitempty"`

-	Password      string `json:"password,omitempty"`

-	Auth          string `json:"auth"`

-	Email         string `json:"email"`

-	ServerAddress string `json:"serveraddress,omitempty"`

-}

-

-type ConfigFile struct {

-	Configs  map[string]AuthConfig `json:"configs,omitempty"`

-	rootPath string

-}

-

-func IndexServerAddress() string {

-	return INDEXSERVER

-}

-

-// create a base64 encoded auth string to store in config

-func encodeAuth(authConfig *AuthConfig) string {

-	authStr := authConfig.Username + ":" + authConfig.Password

-	msg := []byte(authStr)

-	encoded := make([]byte, base64.StdEncoding.EncodedLen(len(msg)))

-	base64.StdEncoding.Encode(encoded, msg)

-	return string(encoded)

-}

-

-// decode the auth string

-func decodeAuth(authStr string) (string, string, error) {

-	decLen := base64.StdEncoding.DecodedLen(len(authStr))

-	decoded := make([]byte, decLen)

-	authByte := []byte(authStr)

-	n, err := base64.StdEncoding.Decode(decoded, authByte)

-	if err != nil {

-		return "", "", err

-	}

-	if n > decLen {

-		return "", "", fmt.Errorf("Something went wrong decoding auth config")

-	}

-	arr := strings.SplitN(string(decoded), ":", 2)

-	if len(arr) != 2 {

-		return "", "", fmt.Errorf("Invalid auth configuration file")

-	}

-	password := strings.Trim(arr[1], "\x00")

-	return arr[0], password, nil

-}

-

-// load up the auth config information and return values

-// FIXME: use the internal golang config parser

-func LoadConfig(rootPath string) (*ConfigFile, error) {

-	configFile := ConfigFile{Configs: make(map[string]AuthConfig), rootPath: rootPath}

-	confFile := path.Join(rootPath, CONFIGFILE)

-	if _, err := os.Stat(confFile); err != nil {

-		return &configFile, nil //missing file is not an error

-	}

-	b, err := ioutil.ReadFile(confFile)

-	if err != nil {

-		return &configFile, err

-	}

-

-	if err := json.Unmarshal(b, &configFile.Configs); err != nil {

-		arr := strings.Split(string(b), "\n")

-		if len(arr) < 2 {

-			return &configFile, fmt.Errorf("The Auth config file is empty")

-		}

-		authConfig := AuthConfig{}

-		origAuth := strings.Split(arr[0], " = ")

-		if len(origAuth) != 2 {

-			return &configFile, fmt.Errorf("Invalid Auth config file")

-		}

-		authConfig.Username, authConfig.Password, err = decodeAuth(origAuth[1])

-		if err != nil {

-			return &configFile, err

-		}

-		origEmail := strings.Split(arr[1], " = ")

-		if len(origEmail) != 2 {

-			return &configFile, fmt.Errorf("Invalid Auth config file")

-		}

-		authConfig.Email = origEmail[1]

-		authConfig.ServerAddress = IndexServerAddress()

-		configFile.Configs[IndexServerAddress()] = authConfig

-	} else {

-		for k, authConfig := range configFile.Configs {

-			authConfig.Username, authConfig.Password, err = decodeAuth(authConfig.Auth)

-			if err != nil {

-				return &configFile, err

-			}

-			authConfig.Auth = ""

-			configFile.Configs[k] = authConfig

-			authConfig.ServerAddress = k

-		}

-	}

-	return &configFile, nil

-}

-

-// save the auth config

-func SaveConfig(configFile *ConfigFile) error {

-	confFile := path.Join(configFile.rootPath, CONFIGFILE)

-	if len(configFile.Configs) == 0 {

-		os.Remove(confFile)

-		return nil

-	}

-

-	configs := make(map[string]AuthConfig, len(configFile.Configs))

-	for k, authConfig := range configFile.Configs {

-		authCopy := authConfig

-

-		authCopy.Auth = encodeAuth(&authCopy)

-		authCopy.Username = ""

-		authCopy.Password = ""

-		authCopy.ServerAddress = ""

-		configs[k] = authCopy

-	}

-

-	b, err := json.Marshal(configs)

-	if err != nil {

-		return err

-	}

-	err = ioutil.WriteFile(confFile, b, 0600)

-	if err != nil {

-		return err

-	}

-	return nil

-}

-

-// try to register/login to the registry server

-func Login(authConfig *AuthConfig, factory *utils.HTTPRequestFactory) (string, error) {

-	var (

-		status        string

-		reqBody       []byte

-		err           error

-		client        = &http.Client{}

-		reqStatusCode = 0

-		serverAddress = authConfig.ServerAddress

-	)

-

-	if serverAddress == "" {

-		serverAddress = IndexServerAddress()

-	}

-

-	loginAgainstOfficialIndex := serverAddress == IndexServerAddress()

-

-	// to avoid sending the server address to the server it should be removed before being marshalled

-	authCopy := *authConfig

-	authCopy.ServerAddress = ""

-

-	jsonBody, err := json.Marshal(authCopy)

-	if err != nil {

-		return "", fmt.Errorf("Config Error: %s", err)

-	}

-

-	// using `bytes.NewReader(jsonBody)` here causes the server to respond with a 411 status.

-	b := strings.NewReader(string(jsonBody))

-	req1, err := http.Post(serverAddress+"users/", "application/json; charset=utf-8", b)

-	if err != nil {

-		return "", fmt.Errorf("Server Error: %s", err)

-	}

-	reqStatusCode = req1.StatusCode

-	defer req1.Body.Close()

-	reqBody, err = ioutil.ReadAll(req1.Body)

-	if err != nil {

-		return "", fmt.Errorf("Server Error: [%#v] %s", reqStatusCode, err)

-	}

-

-	if reqStatusCode == 201 {

-		if loginAgainstOfficialIndex {

-			status = "Account created. Please use the confirmation link we sent" +

-				" to your e-mail to activate it."

-		} else {

-			status = "Account created. Please see the documentation of the registry " + serverAddress + " for instructions how to activate it."

-		}

-	} else if reqStatusCode == 400 {

-		if string(reqBody) == "\"Username or email already exists\"" {

-			req, err := factory.NewRequest("GET", serverAddress+"users/", nil)

-			req.SetBasicAuth(authConfig.Username, authConfig.Password)

-			resp, err := client.Do(req)

-			if err != nil {

-				return "", err

-			}

-			defer resp.Body.Close()

-			body, err := ioutil.ReadAll(resp.Body)

-			if err != nil {

-				return "", err

-			}

-			if resp.StatusCode == 200 {

-				status = "Login Succeeded"

-			} else if resp.StatusCode == 401 {

-				return "", fmt.Errorf("Wrong login/password, please try again")

-			} else if resp.StatusCode == 403 {

-				if loginAgainstOfficialIndex {

-					return "", fmt.Errorf("Login: Account is not Active. Please check your e-mail for a confirmation link.")

-				}

-				return "", fmt.Errorf("Login: Account is not Active. Please see the documentation of the registry %s for instructions how to activate it.", serverAddress)

-			} else {

-				return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body, resp.StatusCode, resp.Header)

-			}

-		} else {

-			return "", fmt.Errorf("Registration: %s", reqBody)

-		}

-	} else if reqStatusCode == 401 {

-		// This case would happen with private registries where /v1/users is

-		// protected, so people can use `docker login` as an auth check.

-		req, err := factory.NewRequest("GET", serverAddress+"users/", nil)

-		req.SetBasicAuth(authConfig.Username, authConfig.Password)

-		resp, err := client.Do(req)

-		if err != nil {

-			return "", err

-		}

-		defer resp.Body.Close()

-		body, err := ioutil.ReadAll(resp.Body)

-		if err != nil {

-			return "", err

-		}

-		if resp.StatusCode == 200 {

-			status = "Login Succeeded"

-		} else if resp.StatusCode == 401 {

-			return "", fmt.Errorf("Wrong login/password, please try again")

-		} else {

-			return "", fmt.Errorf("Login: %s (Code: %d; Headers: %s)", body,

-				resp.StatusCode, resp.Header)

-		}

-	} else {

-		return "", fmt.Errorf("Unexpected status code [%d] : %s", reqStatusCode, reqBody)

-	}

-	return status, nil

-}

-

-// this method matches a auth configuration to a server address or a url

-func (config *ConfigFile) ResolveAuthConfig(hostname string) AuthConfig {

-	if hostname == IndexServerAddress() || len(hostname) == 0 {

-		// default to the index server

-		return config.Configs[IndexServerAddress()]

-	}

-

-	// First try the happy case

-	if c, found := config.Configs[hostname]; found {

-		return c

-	}

-

-	convertToHostname := func(url string) string {

-		stripped := url

-		if strings.HasPrefix(url, "http://") {

-			stripped = strings.Replace(url, "http://", "", 1)

-		} else if strings.HasPrefix(url, "https://") {

-			stripped = strings.Replace(url, "https://", "", 1)

-		}

-

-		nameParts := strings.SplitN(stripped, "/", 2)

-

-		return nameParts[0]

-	}

-

-	// Maybe they have a legacy config file, we will iterate the keys converting

-	// them to the new format and testing

-	normalizedHostename := convertToHostname(hostname)

-	for registry, config := range config.Configs {

-		if registryHostname := convertToHostname(registry); registryHostname == normalizedHostename {

-			return config

-		}

-	}

-

-	// When all else fails, return an empty auth config

-	return AuthConfig{}

-}

deleted file mode 100644

@@ -1,149 +0,0 @@

-package auth

-

-import (

-	"io/ioutil"

-	"os"

-	"testing"

-)

-

-func TestEncodeAuth(t *testing.T) {

-	newAuthConfig := &AuthConfig{Username: "ken", Password: "test", Email: "test@example.com"}

-	authStr := encodeAuth(newAuthConfig)

-	decAuthConfig := &AuthConfig{}

-	var err error

-	decAuthConfig.Username, decAuthConfig.Password, err = decodeAuth(authStr)

-	if err != nil {

-		t.Fatal(err)

-	}

-	if newAuthConfig.Username != decAuthConfig.Username {

-		t.Fatal("Encode Username doesn't match decoded Username")

-	}

-	if newAuthConfig.Password != decAuthConfig.Password {

-		t.Fatal("Encode Password doesn't match decoded Password")

-	}

-	if authStr != "a2VuOnRlc3Q=" {

-		t.Fatal("AuthString encoding isn't correct.")

-	}

-}

-

-func setupTempConfigFile() (*ConfigFile, error) {

-	root, err := ioutil.TempDir("", "docker-test-auth")

-	if err != nil {

-		return nil, err

-	}

-	configFile := &ConfigFile{

-		rootPath: root,

-		Configs:  make(map[string]AuthConfig),

-	}

-

-	for _, registry := range []string{"testIndex", IndexServerAddress()} {

-		configFile.Configs[registry] = AuthConfig{

-			Username: "docker-user",

-			Password: "docker-pass",

-			Email:    "docker@docker.io",

-		}

-	}

-

-	return configFile, nil

-}

-

-func TestSameAuthDataPostSave(t *testing.T) {

-	configFile, err := setupTempConfigFile()

-	if err != nil {

-		t.Fatal(err)

-	}

-	defer os.RemoveAll(configFile.rootPath)

-

-	err = SaveConfig(configFile)

-	if err != nil {

-		t.Fatal(err)

-	}

-

-	authConfig := configFile.Configs["testIndex"]

-	if authConfig.Username != "docker-user" {

-		t.Fail()

-	}

-	if authConfig.Password != "docker-pass" {

-		t.Fail()

-	}

-	if authConfig.Email != "docker@docker.io" {

-		t.Fail()

-	}

-	if authConfig.Auth != "" {

-		t.Fail()

-	}

-}

-

-func TestResolveAuthConfigIndexServer(t *testing.T) {

-	configFile, err := setupTempConfigFile()

-	if err != nil {

-		t.Fatal(err)

-	}

-	defer os.RemoveAll(configFile.rootPath)

-

-	for _, registry := range []string{"", IndexServerAddress()} {

-		resolved := configFile.ResolveAuthConfig(registry)

-		if resolved != configFile.Configs[IndexServerAddress()] {

-			t.Fail()

-		}

-	}

-}

-

-func TestResolveAuthConfigFullURL(t *testing.T) {

-	configFile, err := setupTempConfigFile()

-	if err != nil {

-		t.Fatal(err)

-	}

-	defer os.RemoveAll(configFile.rootPath)

-

-	registryAuth := AuthConfig{

-		Username: "foo-user",

-		Password: "foo-pass",

-		Email:    "foo@example.com",

-	}

-	localAuth := AuthConfig{

-		Username: "bar-user",

-		Password: "bar-pass",

-		Email:    "bar@example.com",

-	}

-	configFile.Configs["https://registry.example.com/v1/"] = registryAuth

-	configFile.Configs["http://localhost:8000/v1/"] = localAuth

-	configFile.Configs["registry.com"] = registryAuth

-

-	validRegistries := map[string][]string{

-		"https://registry.example.com/v1/": {

-			"https://registry.example.com/v1/",

-			"http://registry.example.com/v1/",

-			"registry.example.com",

-			"registry.example.com/v1/",

-		},

-		"http://localhost:8000/v1/": {

-			"https://localhost:8000/v1/",

-			"http://localhost:8000/v1/",

-			"localhost:8000",

-			"localhost:8000/v1/",

-		},

-		"registry.com": {

-			"https://registry.com/v1/",

-			"http://registry.com/v1/",

-			"registry.com",

-			"registry.com/v1/",

-		},

-	}

-

-	for configKey, registries := range validRegistries {

-		for _, registry := range registries {

-			var (

-				configured AuthConfig

-				ok         bool

-			)

-			resolved := configFile.ResolveAuthConfig(registry)

-			if configured, ok = configFile.Configs[configKey]; !ok {

-				t.Fail()

-			}

-			if resolved.Email != configured.Email {

-				t.Errorf("%s -> %q != %q\n", registry, resolved.Email, configured.Email)

-			}

-		}

-	}

-}

@@ -7,7 +7,6 @@ import (

 	"errors"

 	"fmt"

 	"github.com/dotcloud/docker/archive"

-	"github.com/dotcloud/docker/auth"

 	"github.com/dotcloud/docker/registry"

 	"github.com/dotcloud/docker/runconfig"

 	"github.com/dotcloud/docker/runtime"

@@ -49,8 +48,8 @@ type buildFile struct {

 	utilizeCache bool

 	rm           bool

-	authConfig *auth.AuthConfig

-	configFile *auth.ConfigFile

+	authConfig *registry.AuthConfig

+	configFile *registry.ConfigFile

 	tmpContainers map[string]struct{}

 	tmpImages     map[string]struct{}

@@ -793,7 +792,7 @@ func (b *buildFile) BuildStep(name, expression string) error {

 	return nil

 }

-func NewBuildFile(srv *Server, outStream, errStream io.Writer, verbose, utilizeCache, rm bool, outOld io.Writer, sf *utils.StreamFormatter, auth *auth.AuthConfig, authConfigFile *auth.ConfigFile) BuildFile {

+func NewBuildFile(srv *Server, outStream, errStream io.Writer, verbose, utilizeCache, rm bool, outOld io.Writer, sf *utils.StreamFormatter, auth *registry.AuthConfig, authConfigFile *registry.ConfigFile) BuildFile {

 	return &buildFile{

 		runtime:       srv.runtime,

 		srv:           srv,

@@ -4,7 +4,7 @@ import (

 	"crypto/rand"

 	"encoding/hex"

 	"fmt"

-	"github.com/dotcloud/docker/auth"

+	"github.com/dotcloud/docker/registry"

 	"os"

 	"strings"

 	"testing"

@@ -18,13 +18,13 @@ import (

 func TestLogin(t *testing.T) {

 	os.Setenv("DOCKER_INDEX_URL", "https://indexstaging-docker.dotcloud.com")

 	defer os.Setenv("DOCKER_INDEX_URL", "")

-	authConfig := &auth.AuthConfig{

+	authConfig := &registry.AuthConfig{

 		Username:      "unittester",

 		Password:      "surlautrerivejetattendrai",

 		Email:         "noise+unittester@docker.com",

 		ServerAddress: "https://indexstaging-docker.dotcloud.com/v1/",

 	}

-	status, err := auth.Login(authConfig, nil)

+	status, err := registry.Login(authConfig, nil)

 	if err != nil {

 		t.Fatal(err)

 	}

@@ -41,13 +41,13 @@ func TestCreateAccount(t *testing.T) {

 	}

 	token := hex.EncodeToString(tokenBuffer)[:12]

 	username := "ut" + token

-	authConfig := &auth.AuthConfig{

+	authConfig := &registry.AuthConfig{

 		Username:      username,

 		Password:      "test42",

 		Email:         fmt.Sprintf("docker-ut+%s@example.com", token),

 		ServerAddress: "https://indexstaging-docker.dotcloud.com/v1/",

 	}

-	status, err := auth.Login(authConfig, nil)

+	status, err := registry.Login(authConfig, nil)

 	if err != nil {

 		t.Fatal(err)

 	}

@@ -59,7 +59,7 @@ func TestCreateAccount(t *testing.T) {

 		t.Fatalf("Expected status: \"%s\", found \"%s\" instead.", expectedStatus, status)

 	}

-	status, err = auth.Login(authConfig, nil)

+	status, err = registry.Login(authConfig, nil)

 	if err == nil {

 		t.Fatalf("Expected error but found nil instead")

 	}

new file mode 100644

@@ -0,0 +1,290 @@

+package registry

+

+import (

+	"encoding/base64"

+	"encoding/json"

+	"errors"

+	"fmt"

+	"github.com/dotcloud/docker/utils"

+	"io/ioutil"

+	"net/http"

+	"os"

+	"path"

+	"strings"

+)

+

+// Where we store the config file

+const CONFIGFILE = ".dockercfg"

+

+// Only used for user auth + account creation

+const INDEXSERVER = "https://index.docker.io/v1/"

+

+//const INDEXSERVER = "https://indexstaging-docker.dotcloud.com/v1/"

+

+var (

+	ErrConfigFileMissing = errors.New("The Auth config file is missing")

+)

+

+type AuthConfig struct {

+	Username      string `json:"username,omitempty"`

+	Password      string `json:"password,omitempty"`

+	Auth          string `json:"auth"`

+	Email         string `json:"email"`

+	ServerAddress string `json:"serveraddress,omitempty"`

+}

+

+type ConfigFile struct {

+	Configs  map[string]AuthConfig `json:"configs,omitempty"`

+	rootPath string

+}

+

+func IndexServerAddress() string {

+	return INDEXSERVER

+}

+

+// create a base64 encoded auth string to store in config

+func encodeAuth(authConfig *AuthConfig) string {

+	authStr := authConfig.Username + ":" + authConfig.Password

+	msg := []byte(authStr)

+	encoded := make([]byte, base64.StdEncoding.EncodedLen(len(msg)))

+	base64.StdEncoding.Encode(encoded, msg)

+	return string(encoded)

+}

+

+// decode the auth string

+func decodeAuth(authStr string) (string, string, error) {

+	decLen := base64.StdEncoding.DecodedLen(len(authStr))

+	decoded := make([]byte, decLen)

+	authByte := []byte(authStr)

+	n, err := base64.StdEncoding.Decode(decoded, authByte)

+	if err != nil {

+		return "", "", err

+	}

+	if n > decLen {

+		return "", "", fmt.Errorf("Something went wrong decoding auth config")

+	}

+	arr := strings.SplitN(string(decoded), ":", 2)

+	if len(arr) != 2 {

+		return "", "", fmt.Errorf("Invalid auth configuration file")

+	}

+	password := strings.Trim(arr[1], "\x00")

+	return arr[0], password, nil

+}

+

+// load up the auth config information and return values

+// FIXME: use the internal golang config parser

+func LoadConfig(rootPath string) (*ConfigFile, error) {

+	configFile := ConfigFile{Configs: make(map[string]AuthConfig), rootPath: rootPath}

+	confFile := path.Join(rootPath, CONFIGFILE)

+	if _, err := os.Stat(confFile); err != nil {

+		return &configFile, nil //missing file is not an error

+	}

+	b, err := ioutil.ReadFile(confFile)

+	if err != nil {

+		return &configFile, err

+	}

+

+	if err := json.Unmarshal(b, &configFile.Configs); err != nil {

+		arr := strings.Split(string(b), "\n")

+		if len(arr) < 2 {

+			return &configFile, fmt.Errorf("The Auth config file is empty")

+		}

+		authConfig := AuthConfig{}

+		origAuth := strings.Split(arr[0], " = ")

+		if len(origAuth) != 2 {

+			return &configFile, fmt.Errorf("Invalid Auth config file")

+		}

+		authConfig.Username, authConfig.Password, err = decodeAuth(origAuth[1])

+		if err != nil {

+			return &configFile, err

+		}

+		origEmail := strings.Split(arr[1], " = ")

+		if len(origEmail) != 2 {

+			return &configFile, fmt.Errorf("Invalid Auth config file")

+		}

+		authConfig.Email = origEmail[1]

+		authConfig.ServerAddress = IndexServerAddress()

+		configFile.Configs[IndexServerAddress()] = authConfig

+	} else {

+		for k, authConfig := range configFile.Configs {

+			authConfig.Username, authConfig.Password, err = decodeAuth(authConfig.Auth)

+			if err != nil {

+				return &configFile, err

+			}

+			authConfig.Auth = ""

+			configFile.Configs[k] = authConfig

+			authConfig.ServerAddress = k

+		}

+	}

+	return &configFile, nil

+}

+

+// save the auth config

+func SaveConfig(configFile *ConfigFile) error {

+	confFile := path.Join(configFile.rootPath, CONFIGFILE)

+	if len(configFile.Configs) == 0 {

+		os.Remove(confFile)

+		return nil

+	}

+

+	configs := make(map[string]AuthConfig, len(configFile.Configs))

+	for k, authConfig := range configFile.Configs {

+		authCopy := authConfig

+

+		authCopy.Auth = encodeAuth(&authCopy)

+		authCopy.Username = ""

+		authCopy.Password = ""

+		authCopy.ServerAddress = ""

+		configs[k] = authCopy

+	}

+

+	b, err := json.Marshal(configs)

+	if err != nil {

+		return err

+	}