@@ -70,10 +70,10 @@ func (config *Config) InstallFlags(cmd *flag.FlagSet, usageFn func(string) strin

 	cmd.StringVar(&config.Bridge.Iface, []string{"b", "-bridge"}, "", usageFn("Attach containers to a network bridge"))

 	cmd.StringVar(&config.Bridge.FixedCIDR, []string{"-fixed-cidr"}, "", usageFn("IPv4 subnet for fixed IPs"))

 	cmd.StringVar(&config.Bridge.FixedCIDRv6, []string{"-fixed-cidr-v6"}, "", usageFn("IPv6 subnet for fixed IPs"))

-	cmd.Var(opts.NewIpOpt(&config.Bridge.DefaultGatewayIPv4, ""), []string{"-default-gateway"}, usageFn("Container default gateway IPv4 address"))

-	cmd.Var(opts.NewIpOpt(&config.Bridge.DefaultGatewayIPv6, ""), []string{"-default-gateway-v6"}, usageFn("Container default gateway IPv6 address"))

+	cmd.Var(opts.NewIPOpt(&config.Bridge.DefaultGatewayIPv4, ""), []string{"-default-gateway"}, usageFn("Container default gateway IPv4 address"))

+	cmd.Var(opts.NewIPOpt(&config.Bridge.DefaultGatewayIPv6, ""), []string{"-default-gateway-v6"}, usageFn("Container default gateway IPv6 address"))

 	cmd.BoolVar(&config.Bridge.InterContainerCommunication, []string{"#icc", "-icc"}, true, usageFn("Enable inter-container communication"))

-	cmd.Var(opts.NewIpOpt(&config.Bridge.DefaultIP, "0.0.0.0"), []string{"#ip", "-ip"}, usageFn("Default IP when binding container ports"))

+	cmd.Var(opts.NewIPOpt(&config.Bridge.DefaultIP, "0.0.0.0"), []string{"#ip", "-ip"}, usageFn("Default IP when binding container ports"))

 	cmd.BoolVar(&config.Bridge.EnableUserlandProxy, []string{"-userland-proxy"}, true, usageFn("Use userland proxy for loopback traffic"))

 	cmd.BoolVar(&config.EnableCors, []string{"#api-enable-cors", "#-api-enable-cors"}, false, usageFn("Enable CORS headers in the remote API, this is deprecated by --api-cors-header"))

 	cmd.StringVar(&config.CorsHeaders, []string{"-api-cors-header"}, "", usageFn("Set CORS headers in the remote API"))

@@ -669,7 +669,7 @@ func NewDaemon(config *Config, registryService *registry.Service) (daemon *Daemo

 	if err := system.MkdirAll(trustDir, 0700); err != nil {

 		return nil, err

 	}

-	trustService, err := trust.NewTrustStore(trustDir)

+	trustService, err := trust.NewStore(trustDir)

 	if err != nil {

 		return nil, fmt.Errorf("could not create trust store: %s", err)

 	}

@@ -40,7 +40,7 @@ type TagStore struct {

 	pushingPool     map[string]chan struct{}

 	registryService *registry.Service

 	eventsService   *events.Events

-	trustService    *trust.TrustStore

+	trustService    *trust.Store

 }

 // Repository maps tags to image IDs.

@@ -77,7 +77,7 @@ type TagStoreConfig struct {

 	// Events is the events service to use for logging.

 	Events *events.Events

 	// Trust is the trust service to use for push and pull operations.

-	Trust *trust.TrustStore

+	Trust *trust.Store

 }

 // NewTagStore creates a new TagStore at specified path, using the parameters

@@ -63,7 +63,7 @@ func mkTestTagStore(root string, t *testing.T) *TagStore {

 		t.Fatal(err)

 	}

-	trust, err := trust.NewTrustStore(root + "/trust")

+	trust, err := trust.NewStore(root + "/trust")

 	if err != nil {

 		t.Fatal(err)

 	}

@@ -44,6 +44,7 @@ packages=(

 	graph/tags

 	image

 	integration-cli

+	opts

 	pkg/archive

 	pkg/broadcastwriter

 	pkg/chrootarchive

@@ -97,6 +98,7 @@ packages=(

 	pkg/version

 	registry

 	runconfig

+	trust

 	utils

 	volume

 	volume/local

@@ -9,13 +9,13 @@ import (

 )

 var (

-	// EnvironmentVariableRegexp A regexp to validate correct environment variables

+	// EnvironmentVariableRegexp is a regexp to validate correct environment variables

 	// Environment variables set by the user must have a name consisting solely of

 	// alphabetics, numerics, and underscores - the first of which must not be numeric.

 	EnvironmentVariableRegexp = regexp.MustCompile("^[[:alpha:]_][[:alpha:][:digit:]_]*$")

 )

-// ParseEnvFile Read in a line delimited file with environment variables enumerated

+// ParseEnvFile reads a file with environment variables enumerated by lines

 func ParseEnvFile(filename string) ([]string, error) {

 	fh, err := os.Open(filename)

 	if err != nil {

@@ -4,4 +4,5 @@ package opts

 import "fmt"

+// DefaultHost constant defines the default host string used by docker on other hosts than Windows

 var DefaultHost = fmt.Sprintf("unix://%s", DefaultUnixSocket)

@@ -4,4 +4,5 @@ package opts

 import "fmt"

+// DefaultHost constant defines the default host string used by docker on Windows

 var DefaultHost = fmt.Sprintf("tcp://%s:%d", DefaultHTTPHost, DefaultHTTPPort)

@@ -5,20 +5,25 @@ import (

 	"net"

 )

-// IpOpt type that hold an IP

-type IpOpt struct {

+// IPOpt holds an IP. It is used to store values from CLI flags.

+type IPOpt struct {

 	*net.IP

 }

-func NewIpOpt(ref *net.IP, defaultVal string) *IpOpt {

-	o := &IpOpt{

+// NewIPOpt creates a new IPOpt from a reference net.IP and a

+// string representation of an IP. If the string is not a valid

+// IP it will fallback to the specified reference.

+func NewIPOpt(ref *net.IP, defaultVal string) *IPOpt {

+	o := &IPOpt{

 		IP: ref,

 	}

 	o.Set(defaultVal)

 	return o

 }

-func (o *IpOpt) Set(val string) error {

+// Set sets an IPv4 or IPv6 address from a given string. If the given

+// string is not parsable as an IP address it returns an error.

+func (o *IPOpt) Set(val string) error {

 	ip := net.ParseIP(val)

 	if ip == nil {

 		return fmt.Errorf("%s is not an ip address", val)

@@ -27,7 +32,9 @@ func (o *IpOpt) Set(val string) error {

 	return nil

 }

-func (o *IpOpt) String() string {

+// String returns the IP address stored in the IPOpt. If stored IP is a

+// nil pointer, it returns an empty string.

+func (o *IPOpt) String() string {

 	if *o.IP == nil {

 		return ""

 	}

@@ -10,7 +10,7 @@ func TestIpOptString(t *testing.T) {

 	var ip net.IP

 	for _, address := range addresses {

-		stringAddress := NewIpOpt(&ip, address).String()

+		stringAddress := NewIPOpt(&ip, address).String()

 		if stringAddress != address {

 			t.Fatalf("IpOpt string should be `%s`, not `%s`", address, stringAddress)

 		}

@@ -21,7 +21,7 @@ func TestNewIpOptInvalidDefaultVal(t *testing.T) {

 	ip := net.IPv4(127, 0, 0, 1)

 	defaultVal := "Not an ip"

-	ipOpt := NewIpOpt(&ip, defaultVal)

+	ipOpt := NewIPOpt(&ip, defaultVal)

 	expected := "127.0.0.1"

 	if ipOpt.String() != expected {

@@ -33,7 +33,7 @@ func TestNewIpOptValidDefaultVal(t *testing.T) {

 	ip := net.IPv4(127, 0, 0, 1)

 	defaultVal := "192.168.1.1"

-	ipOpt := NewIpOpt(&ip, defaultVal)

+	ipOpt := NewIPOpt(&ip, defaultVal)

 	expected := "192.168.1.1"

 	if ipOpt.String() != expected {

@@ -43,11 +43,11 @@ func TestNewIpOptValidDefaultVal(t *testing.T) {

 func TestIpOptSetInvalidVal(t *testing.T) {

 	ip := net.IPv4(127, 0, 0, 1)

-	ipOpt := &IpOpt{IP: &ip}

+	ipOpt := &IPOpt{IP: &ip}

-	invalidIp := "invalid ip"

+	invalidIP := "invalid ip"

 	expectedError := "invalid ip is not an ip address"

-	err := ipOpt.Set(invalidIp)

+	err := ipOpt.Set(invalidIP)

 	if err == nil || err.Error() != expectedError {

 		t.Fatalf("Expected an Error with [%v], got [%v]", expectedError, err.Error())

 	}

@@ -27,18 +27,19 @@ var (

 	DefaultUnixSocket = "/var/run/docker.sock"

 )

-// ListOpts type that hold a list of values and a validation function.

+// ListOpts holds a list of values and a validation function.

 type ListOpts struct {

 	values    *[]string

 	validator ValidatorFctType

 }

-// NewListOpts Create a new ListOpts with the specified validator.

+// NewListOpts creates a new ListOpts with the specified validator.

 func NewListOpts(validator ValidatorFctType) ListOpts {

 	var values []string

 	return *NewListOptsRef(&values, validator)

 }

+// NewListOptsRef creates a new ListOpts with the specified values and validator.

 func NewListOptsRef(values *[]string, validator ValidatorFctType) *ListOpts {

 	return &ListOpts{

 		values:    values,

@@ -64,7 +65,7 @@ func (opts *ListOpts) Set(value string) error {

 	return nil

 }

-// Delete remove the given element from the slice.

+// Delete removes the specified element from the slice.

 func (opts *ListOpts) Delete(key string) {

 	for i, k := range *opts.values {

 		if k == key {

@@ -85,13 +86,13 @@ func (opts *ListOpts) GetMap() map[string]struct{} {

 	return ret

 }

-// GetAll returns the values' slice.

+// GetAll returns the values of slice.

 // FIXME: Can we remove this?

 func (opts *ListOpts) GetAll() []string {

 	return (*opts.values)

 }

-// Get checks the existence of the given key.

+// Get checks the existence of the specified key.

 func (opts *ListOpts) Get(key string) bool {

 	for _, k := range *opts.values {

 		if k == key {

@@ -106,7 +107,7 @@ func (opts *ListOpts) Len() int {

 	return len((*opts.values))

 }

-//MapOpts type that holds a map of values and a validation function.

+//MapOpts holds a map of values and a validation function.

 type MapOpts struct {

 	values    map[string]string

 	validator ValidatorFctType

@@ -131,6 +132,7 @@ func (opts *MapOpts) Set(value string) error {

 	return nil

 }

+// GetAll returns the values of MapOpts as a map.

 func (opts *MapOpts) GetAll() map[string]string {

 	return opts.values

 }

@@ -139,6 +141,7 @@ func (opts *MapOpts) String() string {

 	return fmt.Sprintf("%v", map[string]string((opts.values)))

 }

+// NewMapOpts creates a new MapOpts with the specified map of values and a validator.

 func NewMapOpts(values map[string]string, validator ValidatorFctType) *MapOpts {

 	if values == nil {

 		values = make(map[string]string)

@@ -149,13 +152,13 @@ func NewMapOpts(values map[string]string, validator ValidatorFctType) *MapOpts {

 	}

 }

-// ValidatorFctType validator that return a validate string and/or an error

+// ValidatorFctType defines a validator function that returns a validated string and/or an error.

 type ValidatorFctType func(val string) (string, error)

-// ValidatorFctListType validator that return a validate list of string and/or an error

+// ValidatorFctListType defines a validator function that returns a validated list of string and/or an error

 type ValidatorFctListType func(val string) ([]string, error)

-// ValidateAttach Validates that the specified string is a valid attach option.

+// ValidateAttach validates that the specified string is a valid attach option.

 func ValidateAttach(val string) (string, error) {

 	s := strings.ToLower(val)

 	for _, str := range []string{"stdin", "stdout", "stderr"} {

@@ -166,7 +169,7 @@ func ValidateAttach(val string) (string, error) {

 	return val, fmt.Errorf("valid streams are STDIN, STDOUT and STDERR")

 }

-// ValidateLink Validates that the specified string has a valid link format (containerName:alias).

+// ValidateLink validates that the specified string has a valid link format (containerName:alias).

 func ValidateLink(val string) (string, error) {

 	if _, _, err := parsers.ParseLink(val); err != nil {

 		return val, err

@@ -194,18 +197,18 @@ func ValidDeviceMode(mode string) bool {

 	return true

 }

-// ValidateDevice Validate a path for devices

+// ValidateDevice validates a path for devices

 // It will make sure 'val' is in the form:

 //    [host-dir:]container-path[:mode]

-// It will also validate the device mode.

+// It also validates the device mode.

 func ValidateDevice(val string) (string, error) {

 	return validatePath(val, ValidDeviceMode)

 }

-// ValidatePath Validate a path for volumes

+// ValidatePath validates a path for volumes

 // It will make sure 'val' is in the form:

 //    [host-dir:]container-path[:rw|ro]

-// It will also validate the mount mode.

+// It also validates the mount mode.

 func ValidatePath(val string) (string, error) {

 	return validatePath(val, volume.ValidMountMode)

 }

@@ -250,8 +253,8 @@ func validatePath(val string, validator func(string) bool) (string, error) {

 	return val, nil

 }

-// ValidateEnv Validate an environment variable and returns it

-// It will use EnvironmentVariableRegexp to ensure the name of the environment variable is valid.

+// ValidateEnv validates an environment variable and returns it.

+// It uses EnvironmentVariableRegexp to ensure the name of the environment variable is valid.

 // If no value is specified, it returns the current value using os.Getenv.

 func ValidateEnv(val string) (string, error) {

 	arr := strings.Split(val, "=")

@@ -267,7 +270,7 @@ func ValidateEnv(val string) (string, error) {

 	return fmt.Sprintf("%s=%s", val, os.Getenv(val)), nil

 }

-// ValidateIPAddress Validates an Ip address

+// ValidateIPAddress validates an Ip address.

 func ValidateIPAddress(val string) (string, error) {

 	var ip = net.ParseIP(strings.TrimSpace(val))

 	if ip != nil {

@@ -276,7 +279,7 @@ func ValidateIPAddress(val string) (string, error) {

 	return "", fmt.Errorf("%s is not an ip address", val)

 }

-// ValidateMACAddress Validates a MAC address

+// ValidateMACAddress validates a MAC address.

 func ValidateMACAddress(val string) (string, error) {

 	_, err := net.ParseMAC(strings.TrimSpace(val))

 	if err != nil {

@@ -285,8 +288,8 @@ func ValidateMACAddress(val string) (string, error) {

 	return val, nil

 }

-// ValidateDNSSearch Validates domain for resolvconf search configuration.

-// A zero length domain is represented by .

+// ValidateDNSSearch validates domain for resolvconf search configuration.

+// A zero length domain is represented by a dot (.).

 func ValidateDNSSearch(val string) (string, error) {

 	if val = strings.Trim(val, " "); val == "." {

 		return val, nil

@@ -305,8 +308,8 @@ func validateDomain(val string) (string, error) {

 	return "", fmt.Errorf("%s is not a valid domain", val)

 }

-// ValidateExtraHost Validate that the given string is a valid extrahost and returns it

-// ExtraHost are in the form of name:ip where the ip has to be a valid ip (ipv4 or ipv6)

+// ValidateExtraHost validates that the specified string is a valid extrahost and returns it.

+// ExtraHost are in the form of name:ip where the ip has to be a valid ip (ipv4 or ipv6).

 func ValidateExtraHost(val string) (string, error) {

 	// allow for IPv6 addresses in extra hosts by only splitting on first ":"

 	arr := strings.SplitN(val, ":", 2)

@@ -319,8 +322,8 @@ func ValidateExtraHost(val string) (string, error) {

 	return val, nil

 }

-// ValidateLabel Validate that the given string is a valid label, and returns it

-// Labels are in the form on key=value

+// ValidateLabel validates that the specified string is a valid label, and returns it.

+// Labels are in the form on key=value.

 func ValidateLabel(val string) (string, error) {

 	if strings.Count(val, "=") < 1 {

 		return "", fmt.Errorf("bad attribute format: %s", val)

@@ -328,7 +331,7 @@ func ValidateLabel(val string) (string, error) {

 	return val, nil

 }

-// ValidateHost Validate that the given string is a valid host and returns it

+// ValidateHost validates that the specified string is a valid host and returns it.

 func ValidateHost(val string) (string, error) {

 	host, err := parsers.ParseHost(DefaultHTTPHost, DefaultUnixSocket, val)

 	if err != nil {

@@ -6,10 +6,12 @@ import (

 	"github.com/docker/docker/pkg/ulimit"

 )

+// UlimitOpt defines a map of Ulimits

 type UlimitOpt struct {

 	values *map[string]*ulimit.Ulimit

 }

+// NewUlimitOpt creates a new UlimitOpt

 func NewUlimitOpt(ref *map[string]*ulimit.Ulimit) *UlimitOpt {

 	if ref == nil {

 		ref = &map[string]*ulimit.Ulimit{}

@@ -17,6 +19,7 @@ func NewUlimitOpt(ref *map[string]*ulimit.Ulimit) *UlimitOpt {

 	return &UlimitOpt{ref}

 }

+// Set validates a Ulimit and sets its name as a key in UlimitOpt

 func (o *UlimitOpt) Set(val string) error {

 	l, err := ulimit.Parse(val)

 	if err != nil {

@@ -28,6 +31,7 @@ func (o *UlimitOpt) Set(val string) error {

 	return nil

 }

+// String returns Ulimit values as a string.

 func (o *UlimitOpt) String() string {

 	var out []string

 	for _, v := range *o.values {

@@ -37,6 +41,7 @@ func (o *UlimitOpt) String() string {

 	return fmt.Sprintf("%v", out)

 }

+// GetList returns a slice of pointers to Ulimits.

 func (o *UlimitOpt) GetList() []*ulimit.Ulimit {

 	var ulimits []*ulimit.Ulimit

 	for _, v := range *o.values {

@@ -8,13 +8,17 @@ import (

 	"github.com/docker/libtrust"

 )

+// NotVerifiedError reports a error when doing the key check.

+// For example if the graph is not verified or the key has expired.

 type NotVerifiedError string

 func (e NotVerifiedError) Error() string {

 	return string(e)

 }

-func (t *TrustStore) CheckKey(ns string, key []byte, perm uint16) (bool, error) {

+// CheckKey verifies that the given public key is allowed to perform

+// the given action on the given node according to the trust graph.

+func (t *Store) CheckKey(ns string, key []byte, perm uint16) (bool, error) {

 	if len(key) == 0 {

 		return false, fmt.Errorf("Missing PublicKey")

 	}

@@ -48,6 +52,8 @@ func (t *TrustStore) CheckKey(ns string, key []byte, perm uint16) (bool, error)

 	return true, nil

 }

-func (t *TrustStore) UpdateBase() {

+// UpdateBase retrieves updated base graphs. This function cannot error, it

+// should only log errors.

+func (t *Store) UpdateBase() {

 	t.fetch()

 }

@@ -17,7 +17,10 @@ import (

 	"github.com/docker/libtrust/trustgraph"

 )

-type TrustStore struct {

+// Store defines a TrustStore : stores trusted certificates and permissions

+// which are used to verify the signature keys on manifests.

+// Note: This is being deprecated by the notary work.

+type Store struct {

 	path          string

 	caPool        *x509.CertPool

 	graph         trustgraph.TrustGraph

@@ -38,7 +41,9 @@ const defaultFetchtime = 45 * time.Second

 var baseEndpoints = map[string]string{"official": "https://dvjy3tqbc323p.cloudfront.net/trust/official.json"}

-func NewTrustStore(path string) (*TrustStore, error) {

+// NewStore creates a TrustStore from a given path, if the path is not

+// relative, it will be joined with the working directory.

+func NewStore(path string) (*Store, error) {

 	abspath, err := filepath.Abs(path)

 	if err != nil {

 		return nil, err

@@ -55,7 +60,7 @@ func NewTrustStore(path string) (*TrustStore, error) {

 	}

 	// Load grant files

-	t := &TrustStore{

+	t := &Store{

 		path:          abspath,

 		caPool:        nil,

 		httpClient:    &http.Client{},

@@ -70,7 +75,7 @@ func NewTrustStore(path string) (*TrustStore, error) {

 	return t, nil

 }

-func (t *TrustStore) reload() error {

+func (t *Store) reload() error {

 	t.Lock()

 	defer t.Unlock()

@@ -121,7 +126,7 @@ func (t *TrustStore) reload() error {

 	return nil

 }

-func (t *TrustStore) fetchBaseGraph(u *url.URL) (*trustgraph.Statement, error) {

+func (t *Store) fetchBaseGraph(u *url.URL) (*trustgraph.Statement, error) {

 	req := &http.Request{

 		Method:     "GET",

 		URL:        u,

@@ -146,9 +151,9 @@ func (t *TrustStore) fetchBaseGraph(u *url.URL) (*trustgraph.Statement, error) {

 	return trustgraph.LoadStatement(resp.Body, t.caPool)

 }

-// fetch retrieves updated base graphs.  This function cannot error, it

+// fetch retrieves updated base graphs. This function cannot error, it

 // should only log errors

-func (t *TrustStore) fetch() {

+func (t *Store) fetch() {

 	t.Lock()

 	defer t.Unlock()