coreos-cloudinit: bump to 1.0.0

drop-in: add support for drop-ins

.gitignore

@@ -1,3 +1,4 @@
 *.swp
 bin/
-pkg/
+coverage/
+gopath/

.travis.yml

@@ -0,0 +1,11 @@
+language: go
+go:
+  - 1.3
+  - 1.2
+
+install:
+ - go get code.google.com/p/go.tools/cmd/cover
+ - go get code.google.com/p/go.tools/cmd/vet
+
+script:
+ - ./test

CONTRIBUTING.md

@@ -0,0 +1,68 @@
+# How to Contribute
+
+CoreOS projects are [Apache 2.0 licensed](LICENSE) and accept contributions via
+GitHub pull requests.  This document outlines some of the conventions on
+development workflow, commit message formatting, contact points and other
+resources to make it easier to get your contribution accepted.
+
+# Certificate of Origin
+
+By contributing to this project you agree to the Developer Certificate of
+Origin (DCO). This document was created by the Linux Kernel community and is a
+simple statement that you, as a contributor, have the legal right to make the
+contribution. See the [DCO](DCO) file for details.
+
+# Email and Chat
+
+The project currently uses the general CoreOS email list and IRC channel:
+- Email: [coreos-dev](https://groups.google.com/forum/#!forum/coreos-dev)
+- IRC: #[coreos](irc://irc.freenode.org:6667/#coreos) IRC channel on freenode.org
+
+## Getting Started
+
+- Fork the repository on GitHub
+- Read the [README](README.md) for build and test instructions
+- Play with the project, submit bugs, submit patches!
+
+## Contribution Flow
+
+This is a rough outline of what a contributor's workflow looks like:
+
+- Create a topic branch from where you want to base your work (usually master).
+- Make commits of logical units.
+- Make sure your commit messages are in the proper format (see below).
+- Push your changes to a topic branch in your fork of the repository.
+- Make sure the tests pass, and add any new tests as appropriate.
+- Submit a pull request to the original repository.
+
+Thanks for your contributions!
+
+### Format of the Commit Message
+
+We follow a rough convention for commit messages that is designed to answer two
+questions: what changed and why. The subject line should feature the what and
+the body of the commit should describe the why.
+
+```
+environment: write new keys in consistent order
+
+Go 1.3 randomizes the ordering of keys when iterating over a map.
+Sort the keys to make this ordering consistent.
+
+Fixes #38
+```
+
+The format can be described more formally as follows:
+
+```
+<subsystem>: <what changed>
+<BLANK LINE>
+<why this change was made>
+<BLANK LINE>
+<footer>
+```
+
+The first line is the subject and should be no longer than 70 characters, the
+second line is always blank, and other lines should be wrapped at 80 characters.
+This allows the message to be easier to read on GitHub as well as in various
+git tools.

DCO

@@ -0,0 +1,36 @@
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.

Documentation/cloud-config-oem.md

@@ -0,0 +1,37 @@
+## OEM configuration
+
+The `coreos.oem.*` parameters follow the [os-release spec][os-release], but have been repurposed as a way for coreos-cloudinit to know about the OEM partition on this machine. Customizing this section is only needed when generating a new OEM of CoreOS from the SDK. The fields include:
+
+- **id**: Lowercase string identifying the OEM
+- **name**: Human-friendly string representing the OEM
+- **version-id**: Lowercase string identifying the version of the OEM
+- **home-url**: Link to the homepage of the provider or OEM
+- **bug-report-url**: Link to a place to file bug reports about this OEM
+
+coreos-cloudinit renders these fields to `/etc/oem-release`.
+If no **id** field is provided, coreos-cloudinit will ignore this section.
+
+For example, the following cloud-config document...
+
+```yaml
+#cloud-config
+coreos:
+  oem:
+    id: rackspace
+    name: Rackspace Cloud Servers
+    version-id: 168.0.0
+    home-url: https://www.rackspace.com/cloud/servers/
+    bug-report-url: https://github.com/coreos/coreos-overlay
+```
+
+...would be rendered to the following `/etc/oem-release`:
+
+```yaml
+ID=rackspace
+NAME="Rackspace Cloud Servers"
+VERSION_ID=168.0.0
+HOME_URL="https://www.rackspace.com/cloud/servers/"
+BUG_REPORT_URL="https://github.com/coreos/coreos-overlay"
+```
+
+[os-release]: http://www.freedesktop.org/software/systemd/man/os-release.html

Documentation/cloud-config.md

@@ -1,92 +1,166 @@
-# Customize with Cloud-Config
+# Using Cloud-Config
 
-CoreOS allows you to configure networking, create users, launch systemd units on startup and more. We've designed our implementation to allow the same cloud-config file to work across all of our supported platforms.
+CoreOS allows you to declaratively customize various OS-level items, such as network configuration, user accounts, and systemd units. This document describes the full list of items we can configure. The `coreos-cloudinit` program uses these files as it configures the OS after startup or during runtime. Your cloud-config is processed during each boot.
 
-Only a subset of [cloud-config functionality][cloud-config] is implemented. A set of custom parameters were added to the cloud-config format that are specific to CoreOS. An example file containing all available options can be found at the bottom of this page.
+## Configuration File
 
+The file used by this system initialization program is called a "cloud-config" file. It is inspired by the [cloud-init][cloud-init] project's [cloud-config][cloud-config] file, which is "the defacto multi-distribution package that handles early initialization of a cloud instance" ([cloud-init docs][cloud-init-docs]). Because the cloud-init project includes tools which aren't used by CoreOS, only the relevant subset of its configuration items will be implemented in our cloud-config file. In addition to those, we added a few CoreOS-specific items, such as etcd configuration, OEM definition, and systemd units.
+
+We've designed our implementation to allow the same cloud-config file to work across all of our supported platforms.
+
+[cloud-init]: https://launchpad.net/cloud-init
+[cloud-init-docs]: http://cloudinit.readthedocs.org/en/latest/index.html
 [cloud-config]: http://cloudinit.readthedocs.org/en/latest/topics/format.html#cloud-config-data
 
-## CoreOS Parameters
+### File Format
 
-### coreos.etcd
+The cloud-config file uses the [YAML][yaml] file format, which uses whitespace and new-lines to delimit lists, associative arrays, and values.
 
-The `coreos.etcd.*` options are translated to a partial systemd unit acting as an etcd configuration file.
-We can use the templating feature of coreos-cloudinit to automate etcd configuration with the `$private_ipv4` and `$public_ipv4` fields. For example, the following cloud-config document...
+A cloud-config file must contain `#cloud-config`, followed by an associative array which has zero or more of the following keys:
 
-```
+- `coreos`
+- `ssh_authorized_keys`
+- `hostname`
+- `users`
+- `write_files`
+- `manage_etc_hosts`
+
+The expected values for these keys are defined in the rest of this document.
+
+[yaml]: https://en.wikipedia.org/wiki/YAML
+
+### Providing Cloud-Config with Config-Drive
+
+CoreOS tries to conform to each platform's native method to provide user data. Each cloud provider tends to be unique, but this complexity has been abstracted by CoreOS. You can view each platform's instructions on their documentation pages. The most universal way to provide cloud-config is [via config-drive](https://github.com/coreos/coreos-cloudinit/blob/master/Documentation/config-drive.md), which attaches a read-only device to the machine, that contains your cloud-config file.
+
+## Configuration Parameters
+
+### coreos
+
+#### etcd
+
+The `coreos.etcd.*` parameters will be translated to a partial systemd unit acting as an etcd configuration file.
+If the platform environment supports the templating feature of coreos-cloudinit it is possible to automate etcd configuration with the `$private_ipv4` and `$public_ipv4` fields. For example, the following cloud-config document...
+
+```yaml
 #cloud-config
 
 coreos:
-    etcd:
-        name: node001
-        discovery: https://discovery.etcd.io/3445fa65423d8b04df07f59fb40218f8
-        addr: $public_ipv4:4001
-        peer-addr: $private_ipv4:7001
+  etcd:
+      name: node001
+      # generate a new token for each unique cluster from https://discovery.etcd.io/new
+      discovery: https://discovery.etcd.io/<token>
+      # multi-region and multi-cloud deployments need to use $public_ipv4
+      addr: $public_ipv4:4001
+      peer-addr: $private_ipv4:7001
 ```
 
 ...will generate a systemd unit drop-in like this:
 
-```
+```yaml
 [Service]
 Environment="ETCD_NAME=node001"
-Environment="ETCD_DISCOVERY=https://discovery.etcd.io/3445fa65423d8b04df07f59fb40218f8"
+Environment="ETCD_DISCOVERY=https://discovery.etcd.io/<token>"
 Environment="ETCD_ADDR=203.0.113.29:4001"
 Environment="ETCD_PEER_ADDR=192.0.2.13:7001"
 ```
 
-For more information about the available configuration options, see the [etcd documentation][etcd-config].
-Note that hyphens in the coreos.etcd.* keys are mapped to underscores.
+For more information about the available configuration parameters, see the [etcd documentation][etcd-config].
+
+_Note: The `$private_ipv4` and `$public_ipv4` substitution variables referenced in other documents are only supported on Amazon EC2, Google Compute Engine, OpenStack, Rackspace, DigitalOcean, and Vagrant._
 
 [etcd-config]: https://github.com/coreos/etcd/blob/master/Documentation/configuration.md
 
-### coreos.oem
+#### fleet
 
-These fields are borrowed from the [os-release spec][os-release] and repurposed
-as a way for coreos-cloudinit to know about the OEM partition on this machine:
+The `coreos.fleet.*` parameters work very similarly to `coreos.etcd.*`, and allow for the configuration of fleet through environment variables. For example, the following cloud-config document...
 
-- **id**: Lowercase string identifying the OEM
-- **name**: Human-friendly string representing the OEM
-- **version-id**: Lowercase string identifying the version of the OEM
-- **home-url**: Link to the homepage of the provider or OEM
-- **bug-report-url**: Link to a place to file bug reports about this OEM
+```yaml
+#cloud-config
 
-coreos-cloudinit renders these fields to `/etc/oem-release`.
-If no **id** field is provided, coreos-cloudinit will ignore this section.
+coreos:
+  fleet:
+      public-ip: $public_ipv4
+      metadata: region=us-west
+```
 
-For example, the following cloud-config document...
+...will generate a systemd unit drop-in like this:
+
+```yaml
+[Service]
+Environment="FLEET_PUBLIC_IP=203.0.113.29"
+Environment="FLEET_METADATA=region=us-west"
+```
+
+For more information on fleet configuration, see the [fleet documentation][fleet-config].
+
+[fleet-config]: https://github.com/coreos/fleet/blob/master/Documentation/deployment-and-configuration.md#configuration
+
+#### flannel
+
+The `coreos.flannel.*` parameters also work very similarly to `coreos.etcd.*` and `coreos.fleet.*`. They can be used to set enviornment variables for flanneld. Given the following cloud-config...
+
+```yaml
+#cloud-config
+
+coreos:
+  flannel:
+      etcd-prefix: /coreos.com/network2
+```
+
+...will generate systemd unit drop-in like so:
 
 ```
+[Service]
+Environment="FLANNELD_ETCD_PREFIX=/coreos.com/network2"
+```
+
+For complete list of flannel configuraion parameters, see the [flannel documentation][flannel-readme].
+
+[flannel-readme]: https://github.com/coreos/flannel/blob/master/README.md
+
+#### update
+
+The `coreos.update.*` parameters manipulate settings related to how CoreOS instances are updated.
+
+These fields will be written out to and replace `/etc/coreos/update.conf`. If only one of the parameters is given it will only overwrite the given field. 
+The `reboot-strategy` parameter also affects the behaviour of [locksmith](https://github.com/coreos/locksmith). 
+
+- **reboot-strategy**: One of "reboot", "etcd-lock", "best-effort" or "off" for controlling when reboots are issued after an update is performed.
+  - _reboot_: Reboot immediately after an update is applied.
+  - _etcd-lock_: Reboot after first taking a distributed lock in etcd, this guarantees that only one host will reboot concurrently and that the cluster will remain available during the update.
+  - _best-effort_ - If etcd is running, "etcd-lock", otherwise simply "reboot".
+  - _off_ - Disable rebooting after updates are applied (not recommended).
+- **server**: is the omaha endpoint URL which will be queried for updates.
+- **group**:  signifies the channel which should be used for automatic updates.  This value defaults to the version of the image initially downloaded. (one of "master", "alpha", "beta", "stable")
+
+*Note: cloudinit will only manipulate the locksmith unit file in the systemd runtime directory (`/run/systemd/system/locksmithd.service`). If any manual modifications are made to an overriding unit configuration file (e.g. `/etc/systemd/system/locksmithd.service`), cloudinit will no longer be able to control the locksmith service unit.*
+
+##### Example
+
+```yaml
 #cloud-config
 coreos:
-  oem:
-    id: rackspace
-    name: Rackspace Cloud Servers
-    version-id: 168.0.0
-    home-url: https://www.rackspace.com/cloud/servers/
-    bug-report-url: https://github.com/coreos/coreos-overlay
+  update:
+    reboot-strategy: etcd-lock
 ```
 
-...would be rendered to the following `/etc/oem-release`:
+#### units
 
-```
-ID="rackspace"
-NAME="Rackspace Cloud Servers"
-VERSION_ID="168.0.0"
-HOME_URL="https://www.rackspace.com/cloud/servers/"
-BUG_REPORT_URL="https://github.com/coreos/coreos-overlay"
-```
+The `coreos.units.*` parameters define a list of arbitrary systemd units to start after booting. This feature is intended to help you start essential services required to mount storage and configure networking in order to join the CoreOS cluster. It is not intended to be a Chef/Puppet replacement.
 
-[os-release]: http://www.freedesktop.org/software/systemd/man/os-release.html
-
-### coreos.units
-
-Arbitrary systemd units may be provided in the `coreos.units` attribute.
-`coreos.units` is a list of objects with the following fields:
+Each item is an object with the following fields:
 
 - **name**: String representing unit's name. Required.
-- **runtime**: Boolean indicating whether or not to persist the unit across reboots. This is analagous to the `--runtime` argument to `systemd enable`. Default value is false.
+- **runtime**: Boolean indicating whether or not to persist the unit across reboots. This is analogous to the `--runtime` argument to `systemctl enable`. The default value is false.
+- **enable**: Boolean indicating whether or not to handle the [Install] section of the unit file. This is similar to running `systemctl enable <name>`. The default value is false.
 - **content**: Plaintext string representing entire unit file. If no value is provided, the unit is assumed to exist already.
-- **command**: Command to execute on unit: start, stop, reload, restart, try-restart, reload-or-restart, reload-or-try-restart. Default value is restart.
+- **command**: Command to execute on unit: start, stop, reload, restart, try-restart, reload-or-restart, reload-or-try-restart. The default behavior is to not execute any commands.
+- **mask**: Whether to mask the unit file by symlinking it to `/dev/null` (analogous to `systemctl mask <name>`). Note that unlike `systemctl mask`, **this will destructively remove any existing unit file** located at `/etc/systemd/system/<unit>`, to ensure that the mask succeeds. The default value is false.
+- **drop-ins**: A list of unit drop-ins with the following fields:
+  - **name**: String representing unit's name. Required.
+  - **content**: Plaintext string representing entire file. Required.
+
 
 **NOTE:** The command field is ignored for all network, netdev, and link units. The systemd-networkd.service unit will be restarted in their place.
 
@@ -94,50 +168,61 @@ Arbitrary systemd units may be provided in the `coreos.units` attribute.
 
 Write a unit to disk, automatically starting it.
 
-```
+```yaml
 #cloud-config
 
 coreos:
-    units:
-      - name: docker-redis.service
-        content: |
-          [Unit]
-          Description=Redis container
-          Author=Me
-          After=docker.service
+  units:
+    - name: docker-redis.service
+      command: start
+      content: |
+        [Unit]
+        Description=Redis container
+        Author=Me
+        After=docker.service
 
-          [Service]
-          Restart=always
-          ExecStart=/usr/bin/docker start -a redis_server
-          ExecStop=/usr/bin/docker stop -t 2 redis_server
-          
-          [Install]
-          WantedBy=local.target
+        [Service]
+        Restart=always
+        ExecStart=/usr/bin/docker start -a redis_server
+        ExecStop=/usr/bin/docker stop -t 2 redis_server
 ```
 
-Start the builtin `etcd` and `fleet` services:
+Add the DOCKER_OPTS environment variable to docker.service.
 
-```
-# cloud-config
+```yaml
+#cloud-config
 
 coreos:
-    units:
-      - name: etcd.service
-        command: start
-      - name: fleet.service
-        command: start
+  units:
+    - name: docker.service
+      drop-ins:
+        - name: 50-insecure-registry.conf
+          content: |
+            [Service]
+            Environment=DOCKER_OPTS='--insecure-registry="10.0.1.0/24"'
 ```
 
-## Cloud-Config Parameters
+Start the built-in `etcd` and `fleet` services:
+
+```yaml
+#cloud-config
+
+coreos:
+  units:
+    - name: etcd.service
+      command: start
+    - name: fleet.service
+      command: start
+```
 
 ### ssh_authorized_keys
 
-Provided public SSH keys will be authorized for the `core` user.
+The `ssh_authorized_keys` parameter adds public SSH keys which will be authorized for the `core` user.
 
 The keys will be named "coreos-cloudinit" by default.
-Override this with the `--ssh-key-name` flag when calling `coreos-cloudinit`.
+Override this by using the `--ssh-key-name` flag when calling `coreos-cloudinit`.
 
-```
+```yaml
 #cloud-config
 
 ssh_authorized_keys:
@@ -146,10 +231,10 @@ ssh_authorized_keys:
 
 ### hostname
 
-The provided value will be used to set the system's hostname.
+The `hostname` parameter defines the system's hostname.
 This is the local part of a fully-qualified domain name (i.e. `foo` in `foo.example.com`).
 
-```
+```yaml
 #cloud-config
 
 hostname: coreos1
@@ -157,20 +242,20 @@ hostname: coreos1
 
 ### users
 
-Add or modify users with the `users` directive by providing a list of user objects, each consisting of the following fields.
-Each field is optional and of type string unless otherwise noted.
+The `users` parameter adds or modifies the specified list of users. Each user is an object which consists of the following fields. Each field is optional and of type string unless otherwise noted.
 All but the `passwd` and `ssh-authorized-keys` fields will be ignored if the user already exists.
 
 - **name**: Required. Login name of user
 - **gecos**: GECOS comment of user
 - **passwd**: Hash of the password to use for this user
-- **homedir**: User's home directory. Defaults to /home/<name>
+- **homedir**: User's home directory. Defaults to /home/\<name\>
 - **no-create-home**: Boolean. Skip home directory creation.
 - **primary-group**: Default group for the user. Defaults to a new group created named after the user.
 - **groups**: Add user to these additional groups
 - **no-user-group**: Boolean. Skip default group creation.
 - **ssh-authorized-keys**: List of public SSH keys to authorize for this user
 - **coreos-ssh-import-github**: Authorize SSH keys from Github user
+- **coreos-ssh-import-url**: Authorize SSH keys imported from a url endpoint.
 - **system**: Create the user as a system user. No home directory will be created.
 - **no-log-init**: Boolean. Skip initialization of lastlog and faillog databases.
 
@@ -182,17 +267,17 @@ The following fields are not yet implemented:
 - **selinux-user**: Corresponding SELinux user
 - **ssh-import-id**: Import SSH keys by ID from Launchpad.
 
-```
+```yaml
 #cloud-config
 
 users:
   - name: elroy
-  passwd: $6$5s2u6/jR$un0AvWnqilcgaNB3Mkxd5yYv6mTlWfOoCYHZmfi3LDKVltj.E8XNKEcwWm...
-  groups:
-    - staff
-    - docker
-  ssh-authorized-keys:
-    - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0g+ZTxC7weoIJLUafOgrm+h...
+    passwd: $6$5s2u6/jR$un0AvWnqilcgaNB3Mkxd5yYv6mTlWfOoCYHZmfi3LDKVltj.E8XNKEcwWm...
+    groups:
+      - sudo
+      - docker
+    ssh-authorized-keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0g+ZTxC7weoIJLUafOgrm+h...
 ```
 
 #### Generating a password hash
@@ -215,12 +300,80 @@ perl -e 'print crypt("password","\$6\$SALT\$") . "\n"'
 
 Using a higher number of rounds will help create more secure passwords, but given enough time, password hashes can be reversed.  On most RPM based distributions there is a tool called mkpasswd available in the `expect` package, but this does not handle "rounds" nor advanced hashing algorithms. 
 
+#### Retrieving SSH Authorized Keys
+
+##### From a GitHub User
+
+Using the `coreos-ssh-import-github` field, we can import public SSH keys from a GitHub user to use as authorized keys to a server.
+
+```yaml
+#cloud-config
+
+users:
+  - name: elroy
+    coreos-ssh-import-github: elroy
+```
+
+##### From an HTTP Endpoint
+
+We can also pull public SSH keys from any HTTP endpoint which matches [GitHub's API response format](https://developer.github.com/v3/users/keys/#list-public-keys-for-a-user).
+For example, if you have an installation of GitHub Enterprise, you can provide a complete URL with an authentication token:
+
+```yaml
+#cloud-config
+
+users:
+  - name: elroy
+    coreos-ssh-import-url: https://github-enterprise.example.com/api/v3/users/elroy/keys?access_token=<TOKEN>
+```
+
+You can also specify any URL whose response matches the JSON format for public keys:
+
+```yaml
+#cloud-config
+
+users:
+  - name: elroy
+    coreos-ssh-import-url: https://example.com/public-keys
+```
+
 ### write_files
 
-Inject an arbitrary set of files to the local filesystem.
-Provide a list of objects with the following attributes:
+The `write_files` directive defines a set of files to create on the local filesystem.
+Each item in the list may have the following keys:
 
 - **path**: Absolute location on disk where contents should be written
 - **content**: Data to write at the provided `path`
-- **permissions**: String representing file permissions in octal notation (i.e. '0644')
+- **permissions**: Integer representing file permissions, typically in octal notation (i.e. 0644)
 - **owner**: User and group that should own the file written to disk. This is equivalent to the `<user>:<group>` argument to `chown <user>:<group> <path>`.
+
+Explicitly not implemented is the **encoding** attribute.
+The **content** field must represent exactly what should be written to disk.
+
+```yaml
+#cloud-config
+write_files:
+  - path: /etc/resolv.conf
+    permissions: 0644
+    owner: root
+    content: |
+      nameserver 8.8.8.8
+  - path: /etc/motd
+    permissions: 0644
+    owner: root
+    content: |
+      Good news, everyone!
+```
+
+### manage_etc_hosts
+
+The `manage_etc_hosts` parameter configures the contents of the `/etc/hosts` file, which is used for local name resolution.
+Currently, the only supported value is "localhost" which will cause your system's hostname
+to resolve to "127.0.0.1".  This is helpful when the host does not have DNS
+infrastructure in place to resolve its own hostname, for example, when using Vagrant.
+
+```yaml
+#cloud-config
+
+manage_etc_hosts: localhost
+```

Documentation/config-drive.md

@@ -0,0 +1,34 @@
+# Distribution via Config Drive
+
+CoreOS supports providing configuration data via [config drive][config-drive]
+disk images. Currently only providing a single script or cloud config file is
+supported.
+
+[config-drive]: http://docs.openstack.org/user-guide/content/enable_config_drive.html#config_drive_contents
+
+## Contents and Format
+
+The image should be a single FAT or ISO9660 file system with the label
+`config-2` and the configuration data should be located at
+`openstack/latest/user_data`.
+
+For example, to wrap up a config named `user_data` in a config drive image:
+
+```sh
+mkdir -p /tmp/new-drive/openstack/latest
+cp user_data /tmp/new-drive/openstack/latest/user_data
+mkisofs -R -V config-2 -o configdrive.iso /tmp/new-drive
+rm -r /tmp/new-drive
+```
+
+## QEMU virtfs
+
+One exception to the above, when using QEMU it is possible to skip creating an
+image and use a plain directory containing the same contents:
+
+```sh
+qemu-system-x86_64 \
+    -fsdev local,id=conf,security_model=none,readonly,path=/tmp/new-drive \
+    -device virtio-9p-pci,fsdev=conf,mount_tag=config-2 \
+    [usual qemu options here...]
+```

Documentation/debian-interfaces.md

@@ -0,0 +1,27 @@
+#Debian Interfaces#
+**WARNING**: This option is EXPERIMENTAL and may change or be removed at any
+point.  
+There is basic support for converting from a Debian network configuration to
+networkd unit files. The -convert-netconf=debian option is used to activate
+this feature.
+
+#convert-netconf#
+Default: ""  
+Read the network config provided in cloud-drive and translate it from the
+specified format into networkd unit files (requires the -from-configdrive
+flag). Currently only supports "debian" which provides support for a small
+subset of the [Debian network configuration]
+(https://wiki.debian.org/NetworkConfiguration). These options include:
+
+- interface config methods
+	- static
+		- address/netmask
+		- gateway
+		- hwaddress
+		- dns-nameservers
+	- dhcp
+		- hwaddress
+	- manual
+	- loopback
+- vlan_raw_device
+- bond-slaves

Godeps/Godeps.json

@@ -0,0 +1,34 @@
+{
+	"ImportPath": "github.com/coreos/coreos-cloudinit",
+	"GoVersion": "go1.3.1",
+	"Packages": [
+		"./..."
+	],
+	"Deps": [
+		{
+			"ImportPath": "github.com/cloudsigma/cepgo",
+			"Rev": "1bfc4895bf5c4d3b599f3f6ee142299488c8739b"
+		},
+		{
+			"ImportPath": "github.com/coreos/go-systemd/dbus",
+			"Rev": "4fbc5060a317b142e6c7bfbedb65596d5f0ab99b"
+		},
+		{
+			"ImportPath": "github.com/dotcloud/docker/pkg/netlink",
+			"Comment": "v0.11.1-359-g55d41c3e21e1",
+			"Rev": "55d41c3e21e1593b944c06196ffb2ac57ab7f653"
+		},
+		{
+			"ImportPath": "github.com/guelfey/go.dbus",
+			"Rev": "f6a3a2366cc39b8479cadc499d3c735fb10fbdda"
+		},
+		{
+			"ImportPath": "github.com/tarm/goserial",
+			"Rev": "cdabc8d44e8e84f58f18074ae44337e1f2f375b9"
+		},
+		{
+			"ImportPath": "gopkg.in/yaml.v1",
+			"Rev": "feb4ca79644e8e7e39c06095246ee54b1282c118"
+		}
+	]
+}

Godeps/Readme

@@ -0,0 +1,5 @@
+This directory tree is generated automatically by godep.
+
+Please do not edit.
+
+See https://github.com/tools/godep for more information.

Godeps/_workspace/.gitignore

@@ -0,0 +1,2 @@
+/pkg
+/bin

Godeps/_workspace/src/github.com/cloudsigma/cepgo/.gitignore

@@ -0,0 +1,23 @@
+# Compiled Object files, Static and Dynamic libs (Shared Objects)
+*.o
+*.a
+*.so
+
+# Folders
+_obj
+_test
+
+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
+*.cgo1.go
+*.cgo2.c
+_cgo_defun.c
+_cgo_gotypes.go
+_cgo_export.*
+
+_testmain.go
+
+*.exe
+*.test

Godeps/_workspace/src/github.com/cloudsigma/cepgo/LICENSE

@@ -0,0 +1,202 @@
+Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+

Godeps/_workspace/src/github.com/cloudsigma/cepgo/README.md

@@ -0,0 +1,43 @@
+cepgo
+=====
+
+Cepko implements easy-to-use communication with CloudSigma's VMs through a
+virtual serial port without bothering with formatting the messages properly nor
+parsing the output with the specific and sometimes confusing shell tools for
+that purpose.
+
+Having the server definition accessible by the VM can be useful in various
+ways. For example it is possible to easily determine from within the VM, which
+network interfaces are connected to public and which to private network.
+Another use is to pass some data to initial VM setup scripts, like setting the
+hostname to the VM name or passing ssh public keys through server meta.
+
+Example usage:
+
+    package main
+
+    import (
+            "fmt"
+
+            "github.com/cloudsigma/cepgo"
+    )
+
+    func main() {
+            c := cepgo.NewCepgo()
+            result, err := c.Meta()
+            if err != nil {
+                    panic(err)
+            }
+            fmt.Printf("%#v", result)
+    }
+
+Output:
+
+    map[string]interface {}{
+        "optimize_for":"custom",
+        "ssh_public_key":"ssh-rsa AAA...",
+        "description":"[...]",
+    }
+
+For more information take a look at the Server Context section of CloudSigma
+API Docs: http://cloudsigma-docs.readthedocs.org/en/latest/server_context.html

Godeps/_workspace/src/github.com/cloudsigma/cepgo/cepgo.go

@@ -0,0 +1,186 @@
+// Cepko implements easy-to-use communication with CloudSigma's VMs through a
+// virtual serial port without bothering with formatting the messages properly
+// nor parsing the output with the specific and sometimes confusing shell tools
+// for that purpose.
+//
+// Having the server definition accessible by the VM can be useful in various
+// ways. For example it is possible to easily determine from within the VM,
+// which network interfaces are connected to public and which to private
+// network. Another use is to pass some data to initial VM setup scripts, like
+// setting the hostname to the VM name or passing ssh public keys through
+// server meta.
+//
+// Example usage:
+//
+//   package main
+//
+//   import (
+//           "fmt"
+//
+//           "github.com/cloudsigma/cepgo"
+//   )
+//
+//   func main() {
+//           c := cepgo.NewCepgo()
+//           result, err := c.Meta()
+//           if err != nil {
+//                   panic(err)
+//           }
+//           fmt.Printf("%#v", result)
+//   }
+//
+// Output:
+//
+//   map[string]string{
+//   	"optimize_for":"custom",
+//   	"ssh_public_key":"ssh-rsa AAA...",
+//   	"description":"[...]",
+//   }
+//
+// For more information take a look at the Server Context section API Docs:
+// http://cloudsigma-docs.readthedocs.org/en/latest/server_context.html
+package cepgo
+
+import (
+	"bufio"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"runtime"
+
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/github.com/tarm/goserial"
+)
+
+const (
+	requestPattern = "<\n%s\n>"
+	EOT            = '\x04' // End Of Transmission
+)
+
+var (
+	SerialPort string = "/dev/ttyS1"
+	Baud       int    = 115200
+)
+
+// Sets the serial port. If the operating system is windows CloudSigma's server
+// context is at COM2 port, otherwise (linux, freebsd, darwin) the port is
+// being left to the default /dev/ttyS1.
+func init() {
+	if runtime.GOOS == "windows" {
+		SerialPort = "COM2"
+	}
+}
+
+// The default fetcher makes the connection to the serial port,
+// writes given query and reads until the EOT symbol.
+func fetchViaSerialPort(key string) ([]byte, error) {
+	config := &serial.Config{Name: SerialPort, Baud: Baud}
+	connection, err := serial.OpenPort(config)
+	if err != nil {
+		return nil, err
+	}
+
+	query := fmt.Sprintf(requestPattern, key)
+	if _, err := connection.Write([]byte(query)); err != nil {
+		return nil, err
+	}
+
+	reader := bufio.NewReader(connection)
+	answer, err := reader.ReadBytes(EOT)
+	if err != nil {
+		return nil, err
+	}
+
+	return answer[0 : len(answer)-1], nil
+}
+
+// Queries to the serial port can be executed only from instance of this type.
+// The result from each of them can be either interface{}, map[string]string or
+// a single in case of single value is returned. There is also a public metod
+// who directly calls the fetcher and returns raw []byte from the serial port.
+type Cepgo struct {
+	fetcher func(string) ([]byte, error)
+}
+
+// Creates a Cepgo instance with the default serial port fetcher.
+func NewCepgo() *Cepgo {
+	cepgo := new(Cepgo)
+	cepgo.fetcher = fetchViaSerialPort
+	return cepgo
+}
+
+// Creates a Cepgo instance with custom fetcher.
+func NewCepgoFetcher(fetcher func(string) ([]byte, error)) *Cepgo {
+	cepgo := new(Cepgo)
+	cepgo.fetcher = fetcher
+	return cepgo
+}
+
+// Fetches raw []byte from the serial port using directly the fetcher member.
+func (c *Cepgo) FetchRaw(key string) ([]byte, error) {
+	return c.fetcher(key)
+}
+
+// Fetches a single key and tries to unmarshal the result to json and returns
+// it. If the unmarshalling fails it's safe to assume the result it's just a
+// string and returns it.
+func (c *Cepgo) Key(key string) (interface{}, error) {
+	var result interface{}
+
+	fetched, err := c.FetchRaw(key)
+	if err != nil {
+		return nil, err
+	}
+
+	err = json.Unmarshal(fetched, &result)
+	if err != nil {
+		return string(fetched), nil
+	}
+	return result, nil
+}
+
+// Fetches all the server context. Equivalent of c.Key("")
+func (c *Cepgo) All() (interface{}, error) {
+	return c.Key("")
+}
+
+// Fetches only the object meta field and makes sure to return a proper
+// map[string]string
+func (c *Cepgo) Meta() (map[string]string, error) {
+	rawMeta, err := c.Key("/meta/")
+	if err != nil {
+		return nil, err
+	}
+
+	return typeAssertToMapOfStrings(rawMeta)
+}
+
+// Fetches only the global context and makes sure to return a proper
+// map[string]string
+func (c *Cepgo) GlobalContext() (map[string]string, error) {
+	rawContext, err := c.Key("/global_context/")
+	if err != nil {
+		return nil, err
+	}
+
+	return typeAssertToMapOfStrings(rawContext)
+}
+
+// Just a little helper function that uses type assertions in order to convert
+// a interface{} to map[string]string if this is possible.
+func typeAssertToMapOfStrings(raw interface{}) (map[string]string, error) {
+	result := make(map[string]string)
+
+	dictionary, ok := raw.(map[string]interface{})
+	if !ok {
+		return nil, errors.New("Received bytes are formatted badly")
+	}
+
+	for key, rawValue := range dictionary {
+		if value, ok := rawValue.(string); ok {
+			result[key] = value
+		} else {
+			return nil, errors.New("Server context metadata is formatted badly")
+		}
+	}
+	return result, nil
+}

Godeps/_workspace/src/github.com/cloudsigma/cepgo/cepgo_test.go

@@ -0,0 +1,122 @@
+package cepgo
+
+import (
+	"encoding/json"
+	"testing"
+)
+
+func fetchMock(key string) ([]byte, error) {
+	context := []byte(`{
+		"context": true,
+		"cpu": 4000,
+		"cpu_model": null,
+		"cpus_instead_of_cores": false,
+		"enable_numa": false,
+		"global_context": {
+			"some_global_key": "some_global_val"
+		},
+		"grantees": [],
+		"hv_relaxed": false,
+		"hv_tsc": false,
+		"jobs": [],
+		"mem": 4294967296,
+		"meta": {
+			"base64_fields": "cloudinit-user-data",
+			"cloudinit-user-data": "I2Nsb3VkLWNvbmZpZwoKaG9zdG5hbWU6IGNvcmVvczE=",
+			"ssh_public_key": "ssh-rsa AAAAB2NzaC1yc2E.../hQ5D5 john@doe"
+		},
+		"name": "coreos",
+		"nics": [
+			{
+				"runtime": {
+					"interface_type": "public",
+					"ip_v4": {
+						"uuid": "31.171.251.74"
+					},
+					"ip_v6": null
+				},
+				"vlan": null
+			}
+		],
+		"smp": 2,
+		"status": "running",
+		"uuid": "20a0059b-041e-4d0c-bcc6-9b2852de48b3"
+	}`)
+
+	if key == "" {
+		return context, nil
+	}
+
+	var marshalledContext map[string]interface{}
+
+	err := json.Unmarshal(context, &marshalledContext)
+	if err != nil {
+		return nil, err
+	}
+
+	if key[0] == '/' {
+		key = key[1:]
+	}
+	if key[len(key)-1] == '/' {
+		key = key[:len(key)-1]
+	}
+
+	return json.Marshal(marshalledContext[key])
+}
+
+func TestAll(t *testing.T) {
+	cepgo := NewCepgoFetcher(fetchMock)
+
+	result, err := cepgo.All()
+	if err != nil {
+		t.Error(err)
+	}
+
+	for _, key := range []string{"meta", "name", "uuid", "global_context"} {
+		if _, ok := result.(map[string]interface{})[key]; !ok {
+			t.Errorf("%s not in all keys", key)
+		}
+	}
+}
+
+func TestKey(t *testing.T) {
+	cepgo := NewCepgoFetcher(fetchMock)
+
+	result, err := cepgo.Key("uuid")
+	if err != nil {
+		t.Error(err)
+	}
+
+	if _, ok := result.(string); !ok {
+		t.Errorf("%#v\n", result)
+
+		t.Error("Fetching the uuid did not return a string")
+	}
+}
+
+func TestMeta(t *testing.T) {
+	cepgo := NewCepgoFetcher(fetchMock)
+
+	meta, err := cepgo.Meta()
+	if err != nil {
+		t.Errorf("%#v\n", meta)
+		t.Error(err)
+	}
+
+	if _, ok := meta["ssh_public_key"]; !ok {
+		t.Error("ssh_public_key is not in the meta")
+	}
+}
+
+func TestGlobalContext(t *testing.T) {
+	cepgo := NewCepgoFetcher(fetchMock)
+
+	result, err := cepgo.GlobalContext()
+	if err != nil {
+		t.Error(err)
+	}
+
+	if _, ok := result["some_global_key"]; !ok {
+		t.Error("some_global_key is not in the global context")
+	}
+}

Godeps/_workspace/src/github.com/coreos/go-systemd/dbus/dbus.go

@@ -18,10 +18,12 @@ limitations under the License.
 package dbus
 
 import (
+	"os"
+	"strconv"
 	"strings"
 	"sync"
 
-	"github.com/coreos/coreos-cloudinit/third_party/github.com/guelfey/go.dbus"
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/github.com/guelfey/go.dbus"
 )
 
 const signalBuffer = 100
@@ -73,7 +75,12 @@ func (c *Conn) initConnection() error {
 		return err
 	}
 
-	err = c.sysconn.Auth(nil)
+	// Only use EXTERNAL method, and hardcode the uid (not username)
+	// to avoid a username lookup (which requires a dynamically linked
+	// libc)
+	methods := []dbus.Auth{dbus.AuthExternal(strconv.Itoa(os.Getuid()))}
+
+	err = c.sysconn.Auth(methods)
 	if err != nil {
 		c.sysconn.Close()
 		return err

Godeps/_workspace/src/github.com/coreos/go-systemd/dbus/methods.go

@@ -18,7 +18,7 @@ package dbus
 
 import (
 	"errors"
-	"github.com/coreos/coreos-cloudinit/third_party/github.com/guelfey/go.dbus"
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/github.com/guelfey/go.dbus"
 )
 
 func (c *Conn) initJobs() {
@@ -35,6 +35,7 @@ func (c *Conn) jobComplete(signal *dbus.Signal) {
 	out, ok := c.jobListener.jobs[job]
 	if ok {
 		out <- result
+		delete(c.jobListener.jobs, job)
 	}
 	c.jobListener.Unlock()
 }
@@ -137,8 +138,8 @@ func (c *Conn) KillUnit(name string, signal int32) {
 	c.sysobj.Call("org.freedesktop.systemd1.Manager.KillUnit", 0, name, "all", signal).Store()
 }
 
-// GetUnitProperties takes the unit name and returns all of its dbus object properties.
-func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) {
+// getProperties takes the unit name and returns all of its dbus object properties, for the given dbus interface
+func (c *Conn) getProperties(unit string, dbusInterface string) (map[string]interface{}, error) {
 	var err error
 	var props map[string]dbus.Variant
 
@@ -148,7 +149,7 @@ func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) {
 	}
 
 	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
-	err = obj.Call("org.freedesktop.DBus.Properties.GetAll", 0, "org.freedesktop.systemd1.Unit").Store(&props)
+	err = obj.Call("org.freedesktop.DBus.Properties.GetAll", 0, dbusInterface).Store(&props)
 	if err != nil {
 		return nil, err
 	}
@@ -161,6 +162,55 @@ func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) {
 	return out, nil
 }
 
+// GetUnitProperties takes the unit name and returns all of its dbus object properties.
+func (c *Conn) GetUnitProperties(unit string) (map[string]interface{}, error) {
+	return c.getProperties(unit, "org.freedesktop.systemd1.Unit")
+}
+
+func (c *Conn) getProperty(unit string, dbusInterface string, propertyName string) (*Property, error) {
+	var err error
+	var prop dbus.Variant
+
+	path := ObjectPath("/org/freedesktop/systemd1/unit/" + unit)
+	if !path.IsValid() {
+		return nil, errors.New("invalid unit name: " + unit)
+	}
+
+	obj := c.sysconn.Object("org.freedesktop.systemd1", path)
+	err = obj.Call("org.freedesktop.DBus.Properties.Get", 0, dbusInterface, propertyName).Store(&prop)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Property{Name: propertyName, Value: prop}, nil
+}
+
+func (c *Conn) GetUnitProperty(unit string, propertyName string) (*Property, error) {
+	return c.getProperty(unit, "org.freedesktop.systemd1.Unit", propertyName)
+}
+
+// GetUnitTypeProperties returns the extra properties for a unit, specific to the unit type.
+// Valid values for unitType: Service, Socket, Target, Device, Mount, Automount, Snapshot, Timer, Swap, Path, Slice, Scope
+// return "dbus.Error: Unknown interface" if the unitType is not the correct type of the unit
+func (c *Conn) GetUnitTypeProperties(unit string, unitType string) (map[string]interface{}, error) {
+	return c.getProperties(unit, "org.freedesktop.systemd1."+unitType)
+}
+
+// SetUnitProperties() may be used to modify certain unit properties at runtime.
+// Not all properties may be changed at runtime, but many resource management
+// settings (primarily those in systemd.cgroup(5)) may. The changes are applied
+// instantly, and stored on disk for future boots, unless runtime is true, in which
+// case the settings only apply until the next reboot. name is the name of the unit
+// to modify. properties are the settings to set, encoded as an array of property
+// name and value pairs.
+func (c *Conn) SetUnitProperties(name string, runtime bool, properties ...Property) error {
+	return c.sysobj.Call("SetUnitProperties", 0, name, runtime, properties).Store()
+}
+
+func (c *Conn) GetUnitTypeProperty(unit string, unitType string, propertyName string) (*Property, error) {
+	return c.getProperty(unit, "org.freedesktop.systemd1."+unitType, propertyName)
+}
+
 // ListUnits returns an array with all currently loaded units. Note that
 // units may be known by multiple names at the same time, and hence there might
 // be more unit names loaded than actual units behind them.
@@ -253,8 +303,52 @@ type EnableUnitFileChange struct {
 	Destination string // Destination of the symlink
 }
 
+// DisableUnitFiles() may be used to disable one or more units in the system (by
+// removing symlinks to them from /etc or /run).
+//
+// It takes a list of unit files to disable (either just file names or full
+// absolute paths if the unit files are residing outside the usual unit
+// search paths), and one boolean: whether the unit was enabled for runtime
+// only (true, /run), or persistently (false, /etc).
+//
+// This call returns an array with the changes made. The changes list
+// consists of structures with three strings: the type of the change (one of
+// symlink or unlink), the file name of the symlink and the destination of the
+// symlink.
+func (c *Conn) DisableUnitFiles(files []string, runtime bool) ([]DisableUnitFileChange, error) {
+	result := make([][]interface{}, 0)
+	err := c.sysobj.Call("DisableUnitFiles", 0, files, runtime).Store(&result)
+	if err != nil {
+		return nil, err
+	}
+
+	resultInterface := make([]interface{}, len(result))
+	for i := range result {
+		resultInterface[i] = result[i]
+	}
+
+	changes := make([]DisableUnitFileChange, len(result))
+	changesInterface := make([]interface{}, len(changes))
+	for i := range changes {
+		changesInterface[i] = &changes[i]
+	}
+
+	err = dbus.Store(resultInterface, changesInterface...)
+	if err != nil {
+		return nil, err
+	}
+
+	return changes, nil
+}
+
+type DisableUnitFileChange struct {
+	Type        string // Type of the change (one of symlink or unlink)
+	Filename    string // File name of the symlink
+	Destination string // Destination of the symlink
+}
+
 // Reload instructs systemd to scan for and reload unit files. This is
 // equivalent to a 'systemctl daemon-reload'.
-func (c *Conn) Reload() (string, error) {
-	return c.runJob("org.freedesktop.systemd1.Manager.Reload")
+func (c *Conn) Reload() error {
+	return c.sysobj.Call("org.freedesktop.systemd1.Manager.Reload", 0).Store()
 }

Godeps/_workspace/src/github.com/coreos/go-systemd/dbus/methods_test.go

@@ -18,9 +18,11 @@ package dbus
 
 import (
 	"fmt"
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/github.com/guelfey/go.dbus"
 	"math/rand"
 	"os"
 	"path/filepath"
+	"reflect"
 	"testing"
 )
 
@@ -50,13 +52,16 @@ func setupUnit(target string, conn *Conn, t *testing.T) {
 	fixture := []string{abs}
 
 	install, changes, err := conn.EnableUnitFiles(fixture, true, true)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	if install != false {
 		t.Fatal("Install was true")
 	}
 
 	if len(changes) < 1 {
-		t.Fatal("Expected one change, got %v", changes)
+		t.Fatalf("Expected one change, got %v", changes)
 	}
 
 	if changes[0].Filename != targetRun {
@@ -118,6 +123,37 @@ func TestStartStopUnit(t *testing.T) {
 	}
 }
 
+// Enables a unit and then immediately tears it down
+func TestEnableDisableUnit(t *testing.T) {
+	target := "enable-disable.service"
+	conn := setupConn(t)
+
+	setupUnit(target, conn, t)
+
+	abs, err := filepath.Abs("../fixtures/" + target)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	path := filepath.Join("/run/systemd/system/", target)
+
+	// 2. Disable the unit
+	changes, err := conn.DisableUnitFiles([]string{abs}, true)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if len(changes) != 1 {
+		t.Fatalf("Changes should include the path, %v", changes)
+	}
+	if changes[0].Filename != path {
+		t.Fatalf("Change should include correct filename, %+v", changes[0])
+	}
+	if changes[0].Destination != "" {
+		t.Fatalf("Change destination should be empty, %+v", changes[0])
+	}
+}
+
 // TestGetUnitProperties reads the `-.mount` which should exist on all systemd
 // systems and ensures that one of its properties is valid.
 func TestGetUnitProperties(t *testing.T) {
@@ -139,6 +175,20 @@ func TestGetUnitProperties(t *testing.T) {
 	if names[0] != "system.slice" {
 		t.Fatal("unexpected wants for /")
 	}
+
+	prop, err := conn.GetUnitProperty(unit, "Wants")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if prop.Name != "Wants" {
+		t.Fatal("unexpected property name")
+	}
+
+	val := prop.Value.Value().([]string)
+	if !reflect.DeepEqual(val, names) {
+		t.Fatal("unexpected property value")
+	}
 }
 
 // TestGetUnitPropertiesRejectsInvalidName attempts to get the properties for a
@@ -150,10 +200,37 @@ func TestGetUnitPropertiesRejectsInvalidName(t *testing.T) {
 	unit := "//invalid#$^/"
 
 	_, err := conn.GetUnitProperties(unit)
-
 	if err == nil {
 		t.Fatal("Expected an error, got nil")
 	}
+
+	_, err = conn.GetUnitProperty(unit, "Wants")
+	if err == nil {
+		t.Fatal("Expected an error, got nil")
+	}
+}
+
+// TestSetUnitProperties changes a cgroup setting on the `tmp.mount`
+// which should exist on all systemd systems and ensures that the
+// property was set.
+func TestSetUnitProperties(t *testing.T) {
+	conn := setupConn(t)
+
+	unit := "tmp.mount"
+
+	if err := conn.SetUnitProperties(unit, true, Property{"CPUShares", dbus.MakeVariant(uint64(1023))}); err != nil {
+		t.Fatal(err)
+	}
+
+	info, err := conn.GetUnitTypeProperties(unit, "Mount")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	value := info["CPUShares"].(uint64)
+	if value != 1023 {
+		t.Fatal("CPUShares of unit is not 1023, %s", value)
+	}
 }
 
 // Ensure that basic transient unit starting and stopping works.
@@ -211,3 +288,27 @@ func TestStartStopTransientUnit(t *testing.T) {
 		t.Fatalf("Test unit found in list, should be stopped")
 	}
 }
+
+func TestConnJobListener(t *testing.T) {
+	target := "start-stop.service"
+	conn := setupConn(t)
+
+	setupUnit(target, conn, t)
+
+	jobSize := len(conn.jobListener.jobs)
+
+	_, err := conn.StartUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = conn.StopUnit(target, "replace")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	currentJobSize := len(conn.jobListener.jobs)
+	if jobSize != currentJobSize {
+		t.Fatal("JobListener jobs leaked")
+	}
+}

Godeps/_workspace/src/github.com/coreos/go-systemd/dbus/properties.go

@@ -17,7 +17,7 @@ limitations under the License.
 package dbus
 
 import (
-	"github.com/coreos/coreos-cloudinit/third_party/github.com/guelfey/go.dbus"
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/github.com/guelfey/go.dbus"
 )
 
 // From the systemd docs:
@@ -209,3 +209,12 @@ func PropPropagatesReloadTo(units ...string) Property {
 func PropRequiresMountsFor(units ...string) Property {
 	return propDependency("RequiresMountsFor", units)
 }
+
+// PropSlice sets the Slice unit property.  See
+// http://www.freedesktop.org/software/systemd/man/systemd.resource-control.html#Slice=
+func PropSlice(slice string) Property {
+	return Property{
+		Name:  "Slice",
+		Value: dbus.MakeVariant(slice),
+	}
+}

Godeps/_workspace/src/github.com/coreos/go-systemd/dbus/subscription.go

@@ -20,7 +20,7 @@ import (
 	"errors"
 	"time"
 
-	"github.com/coreos/coreos-cloudinit/third_party/github.com/guelfey/go.dbus"
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/github.com/guelfey/go.dbus"
 )
 
 const (
@@ -101,7 +101,7 @@ func (c *Conn) SubscribeUnits(interval time.Duration) (<-chan map[string]*UnitSt
 // SubscribeUnitsCustom is like SubscribeUnits but lets you specify the buffer
 // size of the channels, the comparison function for detecting changes and a filter
 // function for cutting down on the noise that your channel receives.
-func (c *Conn) SubscribeUnitsCustom(interval time.Duration, buffer int, isChanged func(*UnitStatus, *UnitStatus) bool, filterUnit func (string) bool) (<-chan map[string]*UnitStatus, <-chan error) {
+func (c *Conn) SubscribeUnitsCustom(interval time.Duration, buffer int, isChanged func(*UnitStatus, *UnitStatus) bool, filterUnit func(string) bool) (<-chan map[string]*UnitStatus, <-chan error) {
 	old := make(map[string]*UnitStatus)
 	statusChan := make(chan map[string]*UnitStatus, buffer)
 	errChan := make(chan error, buffer)

Godeps/_workspace/src/github.com/dotcloud/docker/pkg/netlink/MAINTAINERS

@@ -0,0 +1,2 @@
+Michael Crosby <michael@crosbymichael.com> (@crosbymichael)
+Guillaume J. Charmes <guillaume@docker.com> (@creack)

Godeps/_workspace/src/github.com/dotcloud/docker/pkg/netlink/netlink.go

@@ -0,0 +1,23 @@
+// Packet netlink provide access to low level Netlink sockets and messages.
+//
+// Actual implementations are in:
+// netlink_linux.go
+// netlink_darwin.go
+package netlink
+
+import (
+	"errors"
+	"net"
+)
+
+var (
+	ErrWrongSockType = errors.New("Wrong socket type")
+	ErrShortResponse = errors.New("Got short response from netlink")
+)
+
+// A Route is a subnet associated with the interface to reach it.
+type Route struct {
+	*net.IPNet
+	Iface   *net.Interface
+	Default bool
+}

Godeps/_workspace/src/github.com/dotcloud/docker/pkg/netlink/netlink_linux.go

@@ -0,0 +1,891 @@
+// +build amd64
+
+package netlink
+
+import (
+	"encoding/binary"
+	"fmt"
+	"math/rand"
+	"net"
+	"syscall"
+	"unsafe"
+)
+
+const (
+	IFNAMSIZ       = 16
+	DEFAULT_CHANGE = 0xFFFFFFFF
+	IFLA_INFO_KIND = 1
+	IFLA_INFO_DATA = 2
+	VETH_INFO_PEER = 1
+	IFLA_NET_NS_FD = 28
+	SIOC_BRADDBR   = 0x89a0
+	SIOC_BRADDIF   = 0x89a2
+)
+
+var nextSeqNr int
+
+type ifreqHwaddr struct {
+	IfrnName   [16]byte
+	IfruHwaddr syscall.RawSockaddr
+}
+
+type ifreqIndex struct {
+	IfrnName  [16]byte
+	IfruIndex int32
+}
+
+func nativeEndian() binary.ByteOrder {
+	var x uint32 = 0x01020304
+	if *(*byte)(unsafe.Pointer(&x)) == 0x01 {
+		return binary.BigEndian
+	}
+	return binary.LittleEndian
+}
+
+func getSeq() int {
+	nextSeqNr = nextSeqNr + 1
+	return nextSeqNr
+}
+
+func getIpFamily(ip net.IP) int {
+	if len(ip) <= net.IPv4len {
+		return syscall.AF_INET
+	}
+	if ip.To4() != nil {
+		return syscall.AF_INET
+	}
+	return syscall.AF_INET6
+}
+
+type NetlinkRequestData interface {
+	Len() int
+	ToWireFormat() []byte
+}
+
+type IfInfomsg struct {
+	syscall.IfInfomsg
+}
+
+func newIfInfomsg(family int) *IfInfomsg {
+	return &IfInfomsg{
+		IfInfomsg: syscall.IfInfomsg{
+			Family: uint8(family),
+		},
+	}
+}
+
+func newIfInfomsgChild(parent *RtAttr, family int) *IfInfomsg {
+	msg := newIfInfomsg(family)
+	parent.children = append(parent.children, msg)
+	return msg
+}
+
+func (msg *IfInfomsg) ToWireFormat() []byte {
+	native := nativeEndian()
+
+	length := syscall.SizeofIfInfomsg
+	b := make([]byte, length)
+	b[0] = msg.Family
+	b[1] = 0
+	native.PutUint16(b[2:4], msg.Type)
+	native.PutUint32(b[4:8], uint32(msg.Index))
+	native.PutUint32(b[8:12], msg.Flags)
+	native.PutUint32(b[12:16], msg.Change)
+	return b
+}
+
+func (msg *IfInfomsg) Len() int {
+	return syscall.SizeofIfInfomsg
+}
+
+type IfAddrmsg struct {
+	syscall.IfAddrmsg
+}
+
+func newIfAddrmsg(family int) *IfAddrmsg {
+	return &IfAddrmsg{
+		IfAddrmsg: syscall.IfAddrmsg{
+			Family: uint8(family),
+		},
+	}
+}
+
+func (msg *IfAddrmsg) ToWireFormat() []byte {
+	native := nativeEndian()
+
+	length := syscall.SizeofIfAddrmsg
+	b := make([]byte, length)
+	b[0] = msg.Family
+	b[1] = msg.Prefixlen
+	b[2] = msg.Flags
+	b[3] = msg.Scope
+	native.PutUint32(b[4:8], msg.Index)
+	return b
+}
+
+func (msg *IfAddrmsg) Len() int {
+	return syscall.SizeofIfAddrmsg
+}
+
+type RtMsg struct {
+	syscall.RtMsg
+}
+
+func newRtMsg(family int) *RtMsg {
+	return &RtMsg{
+		RtMsg: syscall.RtMsg{
+			Family:   uint8(family),
+			Table:    syscall.RT_TABLE_MAIN,
+			Scope:    syscall.RT_SCOPE_UNIVERSE,
+			Protocol: syscall.RTPROT_BOOT,
+			Type:     syscall.RTN_UNICAST,
+		},
+	}
+}
+
+func (msg *RtMsg) ToWireFormat() []byte {
+	native := nativeEndian()
+
+	length := syscall.SizeofRtMsg
+	b := make([]byte, length)
+	b[0] = msg.Family
+	b[1] = msg.Dst_len
+	b[2] = msg.Src_len
+	b[3] = msg.Tos
+	b[4] = msg.Table
+	b[5] = msg.Protocol
+	b[6] = msg.Scope
+	b[7] = msg.Type
+	native.PutUint32(b[8:12], msg.Flags)
+	return b
+}
+
+func (msg *RtMsg) Len() int {
+	return syscall.SizeofRtMsg
+}
+
+func rtaAlignOf(attrlen int) int {
+	return (attrlen + syscall.RTA_ALIGNTO - 1) & ^(syscall.RTA_ALIGNTO - 1)
+}
+
+type RtAttr struct {
+	syscall.RtAttr
+	Data     []byte
+	children []NetlinkRequestData
+}
+
+func newRtAttr(attrType int, data []byte) *RtAttr {
+	return &RtAttr{
+		RtAttr: syscall.RtAttr{
+			Type: uint16(attrType),
+		},
+		children: []NetlinkRequestData{},
+		Data:     data,
+	}
+}
+
+func newRtAttrChild(parent *RtAttr, attrType int, data []byte) *RtAttr {
+	attr := newRtAttr(attrType, data)
+	parent.children = append(parent.children, attr)
+	return attr
+}
+
+func (a *RtAttr) Len() int {
+	l := 0
+	for _, child := range a.children {
+		l += child.Len() + syscall.SizeofRtAttr
+	}
+	if l == 0 {
+		l++
+	}
+	return rtaAlignOf(l + len(a.Data))
+}
+
+func (a *RtAttr) ToWireFormat() []byte {
+	native := nativeEndian()
+
+	length := a.Len()
+	buf := make([]byte, rtaAlignOf(length+syscall.SizeofRtAttr))
+
+	if a.Data != nil {
+		copy(buf[4:], a.Data)
+	} else {
+		next := 4
+		for _, child := range a.children {
+			childBuf := child.ToWireFormat()
+			copy(buf[next:], childBuf)
+			next += rtaAlignOf(len(childBuf))
+		}
+	}
+
+	if l := uint16(rtaAlignOf(length)); l != 0 {
+		native.PutUint16(buf[0:2], l+1)
+	}
+	native.PutUint16(buf[2:4], a.Type)
+
+	return buf
+}
+
+type NetlinkRequest struct {
+	syscall.NlMsghdr
+	Data []NetlinkRequestData
+}
+
+func (rr *NetlinkRequest) ToWireFormat() []byte {
+	native := nativeEndian()
+
+	length := rr.Len
+	dataBytes := make([][]byte, len(rr.Data))
+	for i, data := range rr.Data {
+		dataBytes[i] = data.ToWireFormat()
+		length += uint32(len(dataBytes[i]))
+	}
+	b := make([]byte, length)
+	native.PutUint32(b[0:4], length)
+	native.PutUint16(b[4:6], rr.Type)
+	native.PutUint16(b[6:8], rr.Flags)
+	native.PutUint32(b[8:12], rr.Seq)
+	native.PutUint32(b[12:16], rr.Pid)
+
+	next := 16
+	for _, data := range dataBytes {
+		copy(b[next:], data)
+		next += len(data)
+	}
+	return b
+}
+
+func (rr *NetlinkRequest) AddData(data NetlinkRequestData) {
+	if data != nil {
+		rr.Data = append(rr.Data, data)
+	}
+}
+
+func newNetlinkRequest(proto, flags int) *NetlinkRequest {
+	return &NetlinkRequest{
+		NlMsghdr: syscall.NlMsghdr{
+			Len:   uint32(syscall.NLMSG_HDRLEN),
+			Type:  uint16(proto),
+			Flags: syscall.NLM_F_REQUEST | uint16(flags),
+			Seq:   uint32(getSeq()),
+		},
+	}
+}
+
+type NetlinkSocket struct {
+	fd  int
+	lsa syscall.SockaddrNetlink
+}
+
+func getNetlinkSocket() (*NetlinkSocket, error) {
+	fd, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, syscall.NETLINK_ROUTE)
+	if err != nil {
+		return nil, err
+	}
+	s := &NetlinkSocket{
+		fd: fd,
+	}
+	s.lsa.Family = syscall.AF_NETLINK
+	if err := syscall.Bind(fd, &s.lsa); err != nil {
+		syscall.Close(fd)
+		return nil, err
+	}
+
+	return s, nil
+}
+
+func (s *NetlinkSocket) Close() {
+	syscall.Close(s.fd)
+}
+
+func (s *NetlinkSocket) Send(request *NetlinkRequest) error {
+	if err := syscall.Sendto(s.fd, request.ToWireFormat(), 0, &s.lsa); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (s *NetlinkSocket) Receive() ([]syscall.NetlinkMessage, error) {
+	rb := make([]byte, syscall.Getpagesize())
+	nr, _, err := syscall.Recvfrom(s.fd, rb, 0)
+	if err != nil {
+		return nil, err
+	}
+	if nr < syscall.NLMSG_HDRLEN {
+		return nil, ErrShortResponse
+	}
+	rb = rb[:nr]
+	return syscall.ParseNetlinkMessage(rb)
+}
+
+func (s *NetlinkSocket) GetPid() (uint32, error) {
+	lsa, err := syscall.Getsockname(s.fd)
+	if err != nil {
+		return 0, err
+	}
+	switch v := lsa.(type) {
+	case *syscall.SockaddrNetlink:
+		return v.Pid, nil
+	}
+	return 0, ErrWrongSockType
+}
+
+func (s *NetlinkSocket) HandleAck(seq uint32) error {
+	native := nativeEndian()
+
+	pid, err := s.GetPid()
+	if err != nil {
+		return err
+	}
+
+done:
+	for {
+		msgs, err := s.Receive()
+		if err != nil {
+			return err
+		}
+		for _, m := range msgs {
+			if m.Header.Seq != seq {
+				return fmt.Errorf("Wrong Seq nr %d, expected %d", m.Header.Seq, seq)
+			}
+			if m.Header.Pid != pid {
+				return fmt.Errorf("Wrong pid %d, expected %d", m.Header.Pid, pid)
+			}
+			if m.Header.Type == syscall.NLMSG_DONE {
+				break done
+			}
+			if m.Header.Type == syscall.NLMSG_ERROR {
+				error := int32(native.Uint32(m.Data[0:4]))
+				if error == 0 {
+					break done
+				}
+				return syscall.Errno(-error)
+			}
+		}
+	}
+
+	return nil
+}
+
+// Add a new default gateway. Identical to:
+// ip route add default via $ip
+func AddDefaultGw(ip net.IP) error {
+	s, err := getNetlinkSocket()
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	family := getIpFamily(ip)
+
+	wb := newNetlinkRequest(syscall.RTM_NEWROUTE, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+
+	msg := newRtMsg(family)
+	wb.AddData(msg)
+
+	var ipData []byte
+	if family == syscall.AF_INET {
+		ipData = ip.To4()
+	} else {
+		ipData = ip.To16()
+	}
+
+	gateway := newRtAttr(syscall.RTA_GATEWAY, ipData)
+
+	wb.AddData(gateway)
+
+	if err := s.Send(wb); err != nil {
+		return err
+	}
+
+	return s.HandleAck(wb.Seq)
+}
+
+// Bring up a particular network interface
+func NetworkLinkUp(iface *net.Interface) error {
+	s, err := getNetlinkSocket()
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	wb := newNetlinkRequest(syscall.RTM_NEWLINK, syscall.NLM_F_ACK)
+
+	msg := newIfInfomsg(syscall.AF_UNSPEC)
+	msg.Change = syscall.IFF_UP
+	msg.Flags = syscall.IFF_UP
+	msg.Index = int32(iface.Index)
+	wb.AddData(msg)
+
+	if err := s.Send(wb); err != nil {
+		return err
+	}
+
+	return s.HandleAck(wb.Seq)
+}
+
+func NetworkLinkDown(iface *net.Interface) error {
+	s, err := getNetlinkSocket()
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	wb := newNetlinkRequest(syscall.RTM_NEWLINK, syscall.NLM_F_ACK)
+
+	msg := newIfInfomsg(syscall.AF_UNSPEC)
+	msg.Change = syscall.IFF_UP
+	msg.Flags = 0 & ^syscall.IFF_UP
+	msg.Index = int32(iface.Index)
+	wb.AddData(msg)
+
+	if err := s.Send(wb); err != nil {
+		return err
+	}
+
+	return s.HandleAck(wb.Seq)
+}
+
+func NetworkSetMTU(iface *net.Interface, mtu int) error {
+	s, err := getNetlinkSocket()
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	wb := newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+
+	msg := newIfInfomsg(syscall.AF_UNSPEC)
+	msg.Type = syscall.RTM_SETLINK
+	msg.Flags = syscall.NLM_F_REQUEST
+	msg.Index = int32(iface.Index)
+	msg.Change = DEFAULT_CHANGE
+	wb.AddData(msg)
+
+	var (
+		b      = make([]byte, 4)
+		native = nativeEndian()
+	)
+	native.PutUint32(b, uint32(mtu))
+
+	data := newRtAttr(syscall.IFLA_MTU, b)
+	wb.AddData(data)
+
+	if err := s.Send(wb); err != nil {
+		return err
+	}
+	return s.HandleAck(wb.Seq)
+}
+
+// same as ip link set $name master $master
+func NetworkSetMaster(iface, master *net.Interface) error {
+	s, err := getNetlinkSocket()
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	wb := newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+
+	msg := newIfInfomsg(syscall.AF_UNSPEC)
+	msg.Type = syscall.RTM_SETLINK
+	msg.Flags = syscall.NLM_F_REQUEST
+	msg.Index = int32(iface.Index)
+	msg.Change = DEFAULT_CHANGE
+	wb.AddData(msg)
+
+	var (
+		b      = make([]byte, 4)
+		native = nativeEndian()
+	)
+	native.PutUint32(b, uint32(master.Index))
+
+	data := newRtAttr(syscall.IFLA_MASTER, b)
+	wb.AddData(data)
+
+	if err := s.Send(wb); err != nil {
+		return err
+	}
+
+	return s.HandleAck(wb.Seq)
+}
+
+func NetworkSetNsPid(iface *net.Interface, nspid int) error {
+	s, err := getNetlinkSocket()
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	wb := newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+
+	msg := newIfInfomsg(syscall.AF_UNSPEC)
+	msg.Type = syscall.RTM_SETLINK
+	msg.Flags = syscall.NLM_F_REQUEST
+	msg.Index = int32(iface.Index)
+	msg.Change = DEFAULT_CHANGE
+	wb.AddData(msg)
+
+	var (
+		b      = make([]byte, 4)
+		native = nativeEndian()
+	)
+	native.PutUint32(b, uint32(nspid))
+
+	data := newRtAttr(syscall.IFLA_NET_NS_PID, b)
+	wb.AddData(data)
+
+	if err := s.Send(wb); err != nil {
+		return err
+	}
+
+	return s.HandleAck(wb.Seq)
+}
+
+func NetworkSetNsFd(iface *net.Interface, fd int) error {
+	s, err := getNetlinkSocket()
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	wb := newNetlinkRequest(syscall.RTM_SETLINK, syscall.NLM_F_ACK)
+
+	msg := newIfInfomsg(syscall.AF_UNSPEC)
+	msg.Type = syscall.RTM_SETLINK
+	msg.Flags = syscall.NLM_F_REQUEST
+	msg.Index = int32(iface.Index)
+	msg.Change = DEFAULT_CHANGE
+	wb.AddData(msg)
+
+	var (
+		b      = make([]byte, 4)
+		native = nativeEndian()
+	)
+	native.PutUint32(b, uint32(fd))
+
+	data := newRtAttr(IFLA_NET_NS_FD, b)
+	wb.AddData(data)
+
+	if err := s.Send(wb); err != nil {
+		return err
+	}
+
+	return s.HandleAck(wb.Seq)
+}
+
+// Add an Ip address to an interface. This is identical to:
+// ip addr add $ip/$ipNet dev $iface
+func NetworkLinkAddIp(iface *net.Interface, ip net.IP, ipNet *net.IPNet) error {
+	s, err := getNetlinkSocket()
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	family := getIpFamily(ip)
+
+	wb := newNetlinkRequest(syscall.RTM_NEWADDR, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+
+	msg := newIfAddrmsg(family)
+	msg.Index = uint32(iface.Index)
+	prefixLen, _ := ipNet.Mask.Size()
+	msg.Prefixlen = uint8(prefixLen)
+	wb.AddData(msg)
+
+	var ipData []byte
+	if family == syscall.AF_INET {
+		ipData = ip.To4()
+	} else {
+		ipData = ip.To16()
+	}
+
+	localData := newRtAttr(syscall.IFA_LOCAL, ipData)
+	wb.AddData(localData)
+
+	addrData := newRtAttr(syscall.IFA_ADDRESS, ipData)
+	wb.AddData(addrData)
+
+	if err := s.Send(wb); err != nil {
+		return err
+	}
+
+	return s.HandleAck(wb.Seq)
+}
+
+func zeroTerminated(s string) []byte {
+	return []byte(s + "\000")
+}
+
+func nonZeroTerminated(s string) []byte {
+	return []byte(s)
+}
+
+// Add a new network link of a specified type. This is identical to
+// running: ip add link $name type $linkType
+func NetworkLinkAdd(name string, linkType string) error {
+	s, err := getNetlinkSocket()
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	wb := newNetlinkRequest(syscall.RTM_NEWLINK, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+
+	msg := newIfInfomsg(syscall.AF_UNSPEC)
+	wb.AddData(msg)
+
+	if name != "" {
+		nameData := newRtAttr(syscall.IFLA_IFNAME, zeroTerminated(name))
+		wb.AddData(nameData)
+	}
+
+	kindData := newRtAttr(IFLA_INFO_KIND, nonZeroTerminated(linkType))
+
+	infoData := newRtAttr(syscall.IFLA_LINKINFO, kindData.ToWireFormat())
+	wb.AddData(infoData)
+
+	if err := s.Send(wb); err != nil {
+		return err
+	}
+
+	return s.HandleAck(wb.Seq)
+}
+
+// Returns an array of IPNet for all the currently routed subnets on ipv4
+// This is similar to the first column of "ip route" output
+func NetworkGetRoutes() ([]Route, error) {
+	native := nativeEndian()
+
+	s, err := getNetlinkSocket()
+	if err != nil {
+		return nil, err
+	}
+	defer s.Close()
+
+	wb := newNetlinkRequest(syscall.RTM_GETROUTE, syscall.NLM_F_DUMP)
+
+	msg := newIfInfomsg(syscall.AF_UNSPEC)
+	wb.AddData(msg)
+
+	if err := s.Send(wb); err != nil {
+		return nil, err
+	}
+
+	pid, err := s.GetPid()
+	if err != nil {
+		return nil, err
+	}
+
+	res := make([]Route, 0)
+
+done:
+	for {
+		msgs, err := s.Receive()
+		if err != nil {
+			return nil, err
+		}
+		for _, m := range msgs {
+			if m.Header.Seq != wb.Seq {
+				return nil, fmt.Errorf("Wrong Seq nr %d, expected 1", m.Header.Seq)
+			}
+			if m.Header.Pid != pid {
+				return nil, fmt.Errorf("Wrong pid %d, expected %d", m.Header.Pid, pid)
+			}
+			if m.Header.Type == syscall.NLMSG_DONE {
+				break done
+			}
+			if m.Header.Type == syscall.NLMSG_ERROR {
+				error := int32(native.Uint32(m.Data[0:4]))
+				if error == 0 {
+					break done
+				}
+				return nil, syscall.Errno(-error)
+			}
+			if m.Header.Type != syscall.RTM_NEWROUTE {
+				continue
+			}
+
+			var r Route
+
+			msg := (*RtMsg)(unsafe.Pointer(&m.Data[0:syscall.SizeofRtMsg][0]))
+
+			if msg.Flags&syscall.RTM_F_CLONED != 0 {
+				// Ignore cloned routes
+				continue
+			}
+
+			if msg.Table != syscall.RT_TABLE_MAIN {
+				// Ignore non-main tables
+				continue
+			}
+
+			if msg.Family != syscall.AF_INET {
+				// Ignore non-ipv4 routes
+				continue
+			}
+
+			if msg.Dst_len == 0 {
+				// Default routes
+				r.Default = true
+			}
+
+			attrs, err := syscall.ParseNetlinkRouteAttr(&m)
+			if err != nil {
+				return nil, err
+			}
+			for _, attr := range attrs {
+				switch attr.Attr.Type {
+				case syscall.RTA_DST:
+					ip := attr.Value
+					r.IPNet = &net.IPNet{
+						IP:   ip,
+						Mask: net.CIDRMask(int(msg.Dst_len), 8*len(ip)),
+					}
+				case syscall.RTA_OIF:
+					index := int(native.Uint32(attr.Value[0:4]))
+					r.Iface, _ = net.InterfaceByIndex(index)
+				}
+			}
+			if r.Default || r.IPNet != nil {
+				res = append(res, r)
+			}
+		}
+	}
+
+	return res, nil
+}
+
+func getIfSocket() (fd int, err error) {
+	for _, socket := range []int{
+		syscall.AF_INET,
+		syscall.AF_PACKET,
+		syscall.AF_INET6,
+	} {
+		if fd, err = syscall.Socket(socket, syscall.SOCK_DGRAM, 0); err == nil {
+			break
+		}
+	}
+	if err == nil {
+		return fd, nil
+	}
+	return -1, err
+}
+
+func NetworkChangeName(iface *net.Interface, newName string) error {
+	fd, err := getIfSocket()
+	if err != nil {
+		return err
+	}
+	defer syscall.Close(fd)
+
+	data := [IFNAMSIZ * 2]byte{}
+	// the "-1"s here are very important for ensuring we get proper null
+	// termination of our new C strings
+	copy(data[:IFNAMSIZ-1], iface.Name)
+	copy(data[IFNAMSIZ:IFNAMSIZ*2-1], newName)
+
+	if _, _, errno := syscall.Syscall(syscall.SYS_IOCTL, uintptr(fd), syscall.SIOCSIFNAME, uintptr(unsafe.Pointer(&data[0]))); errno != 0 {
+		return errno
+	}
+	return nil
+}
+
+func NetworkCreateVethPair(name1, name2 string) error {
+	s, err := getNetlinkSocket()
+	if err != nil {
+		return err
+	}
+	defer s.Close()
+
+	wb := newNetlinkRequest(syscall.RTM_NEWLINK, syscall.NLM_F_CREATE|syscall.NLM_F_EXCL|syscall.NLM_F_ACK)
+
+	msg := newIfInfomsg(syscall.AF_UNSPEC)
+	wb.AddData(msg)
+
+	nameData := newRtAttr(syscall.IFLA_IFNAME, zeroTerminated(name1))
+	wb.AddData(nameData)
+
+	nest1 := newRtAttr(syscall.IFLA_LINKINFO, nil)
+	newRtAttrChild(nest1, IFLA_INFO_KIND, zeroTerminated("veth"))
+	nest2 := newRtAttrChild(nest1, IFLA_INFO_DATA, nil)
+	nest3 := newRtAttrChild(nest2, VETH_INFO_PEER, nil)
+
+	newIfInfomsgChild(nest3, syscall.AF_UNSPEC)
+	newRtAttrChild(nest3, syscall.IFLA_IFNAME, zeroTerminated(name2))
+
+	wb.AddData(nest1)
+
+	if err := s.Send(wb); err != nil {
+		return err
+	}
+	return s.HandleAck(wb.Seq)
+}
+
+// Create the actual bridge device.  This is more backward-compatible than
+// netlink.NetworkLinkAdd and works on RHEL 6.
+func CreateBridge(name string, setMacAddr bool) error {
+	s, err := syscall.Socket(syscall.AF_INET6, syscall.SOCK_STREAM, syscall.IPPROTO_IP)
+	if err != nil {
+		// ipv6 issue, creating with ipv4
+		s, err = syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, syscall.IPPROTO_IP)
+		if err != nil {
+			return err
+		}
+	}
+	defer syscall.Close(s)
+
+	nameBytePtr, err := syscall.BytePtrFromString(name)
+	if err != nil {
+		return err
+	}
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, uintptr(s), SIOC_BRADDBR, uintptr(unsafe.Pointer(nameBytePtr))); err != 0 {
+		return err
+	}
+	if setMacAddr {
+		return setBridgeMacAddress(s, name)
+	}
+	return nil
+}
+
+// Add a slave to abridge device.  This is more backward-compatible than
+// netlink.NetworkSetMaster and works on RHEL 6.
+func AddToBridge(iface, master *net.Interface) error {
+	s, err := syscall.Socket(syscall.AF_INET6, syscall.SOCK_STREAM, syscall.IPPROTO_IP)
+	if err != nil {
+		// ipv6 issue, creating with ipv4
+		s, err = syscall.Socket(syscall.AF_INET, syscall.SOCK_STREAM, syscall.IPPROTO_IP)
+		if err != nil {
+			return err
+		}
+	}
+	defer syscall.Close(s)
+
+	ifr := ifreqIndex{}
+	copy(ifr.IfrnName[:], master.Name)
+	ifr.IfruIndex = int32(iface.Index)
+
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, uintptr(s), SIOC_BRADDIF, uintptr(unsafe.Pointer(&ifr))); err != 0 {
+		return err
+	}
+
+	return nil
+}
+
+func setBridgeMacAddress(s int, name string) error {
+	ifr := ifreqHwaddr{}
+	ifr.IfruHwaddr.Family = syscall.ARPHRD_ETHER
+	copy(ifr.IfrnName[:], name)
+
+	for i := 0; i < 6; i++ {
+		ifr.IfruHwaddr.Data[i] = int8(rand.Intn(255))
+	}
+
+	ifr.IfruHwaddr.Data[0] &^= 0x1 // clear multicast bit
+	ifr.IfruHwaddr.Data[0] |= 0x2  // set local assignment bit (IEEE802)
+
+	if _, _, err := syscall.Syscall(syscall.SYS_IOCTL, uintptr(s), syscall.SIOCSIFHWADDR, uintptr(unsafe.Pointer(&ifr))); err != 0 {
+		return err
+	}
+	return nil
+}

Godeps/_workspace/src/github.com/dotcloud/docker/pkg/netlink/netlink_unsupported.go

@@ -0,0 +1,69 @@
+// +build !linux !amd64
+
+package netlink
+
+import (
+	"errors"
+	"net"
+)
+
+var (
+	ErrNotImplemented = errors.New("not implemented")
+)
+
+func NetworkGetRoutes() ([]Route, error) {
+	return nil, ErrNotImplemented
+}
+
+func NetworkLinkAdd(name string, linkType string) error {
+	return ErrNotImplemented
+}
+
+func NetworkLinkUp(iface *net.Interface) error {
+	return ErrNotImplemented
+}
+
+func NetworkLinkAddIp(iface *net.Interface, ip net.IP, ipNet *net.IPNet) error {
+	return ErrNotImplemented
+}
+
+func AddDefaultGw(ip net.IP) error {
+	return ErrNotImplemented
+
+}
+
+func NetworkSetMTU(iface *net.Interface, mtu int) error {
+	return ErrNotImplemented
+}
+
+func NetworkCreateVethPair(name1, name2 string) error {
+	return ErrNotImplemented
+}
+
+func NetworkChangeName(iface *net.Interface, newName string) error {
+	return ErrNotImplemented
+}
+
+func NetworkSetNsFd(iface *net.Interface, fd int) error {
+	return ErrNotImplemented
+}
+
+func NetworkSetNsPid(iface *net.Interface, nspid int) error {
+	return ErrNotImplemented
+}
+
+func NetworkSetMaster(iface, master *net.Interface) error {
+	return ErrNotImplemented
+}
+
+func NetworkLinkDown(iface *net.Interface) error {
+	return ErrNotImplemented
+}
+
+func CreateBridge(name string, setMacAddr bool) error {
+	return ErrNotImplemented
+}
+
+func AddToBridge(iface, master *net.Interface) error {
+	return ErrNotImplemented
+}

Godeps/_workspace/src/github.com/guelfey/go.dbus/introspect/call.go

@@ -2,7 +2,7 @@ package introspect
 
 import (
 	"encoding/xml"
-	"github.com/coreos/coreos-cloudinit/third_party/github.com/guelfey/go.dbus"
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/github.com/guelfey/go.dbus"
 	"strings"
 )
 

Godeps/_workspace/src/github.com/guelfey/go.dbus/introspect/introspectable.go

@@ -2,7 +2,7 @@ package introspect
 
 import (
 	"encoding/xml"
-	"github.com/coreos/coreos-cloudinit/third_party/github.com/guelfey/go.dbus"
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/github.com/guelfey/go.dbus"
 	"reflect"
 )
 

Godeps/_workspace/src/github.com/guelfey/go.dbus/prop/prop.go

@@ -3,8 +3,8 @@
 package prop
 
 import (
-	"github.com/coreos/coreos-cloudinit/third_party/github.com/guelfey/go.dbus"
-	"github.com/coreos/coreos-cloudinit/third_party/github.com/guelfey/go.dbus/introspect"
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/github.com/guelfey/go.dbus"
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/github.com/guelfey/go.dbus/introspect"
 	"sync"
 )
 

Godeps/_workspace/src/github.com/tarm/goserial/LICENSE

@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Godeps/_workspace/src/github.com/tarm/goserial/README.md

@@ -0,0 +1,63 @@
+GoSerial
+========
+A simple go package to allow you to read and write from the
+serial port as a stream of bytes.
+
+Details
+-------
+It aims to have the same API on all platforms, including windows.  As
+an added bonus, the windows package does not use cgo, so you can cross
+compile for windows from another platform.  Unfortunately goinstall
+does not currently let you cross compile so you will have to do it
+manually:
+
+    GOOS=windows make clean install
+
+Currently there is very little in the way of configurability.  You can
+set the baud rate.  Then you can Read(), Write(), or Close() the
+connection.  Read() will block until at least one byte is returned.
+Write is the same.  There is currently no exposed way to set the
+timeouts, though patches are welcome.
+
+Currently all ports are opened with 8 data bits, 1 stop bit, no
+parity, no hardware flow control, and no software flow control.  This
+works fine for many real devices and many faux serial devices
+including usb-to-serial converters and bluetooth serial ports.
+
+You may Read() and Write() simulantiously on the same connection (from
+different goroutines).
+
+Usage
+-----
+```go
+package main
+
+import (
+        "github.com/tarm/goserial"
+        "log"
+)
+
+func main() {
+        c := &serial.Config{Name: "COM45", Baud: 115200}
+        s, err := serial.OpenPort(c)
+        if err != nil {
+                log.Fatal(err)
+        }
+        
+        n, err := s.Write([]byte("test"))
+        if err != nil {
+                log.Fatal(err)
+        }
+        
+        buf := make([]byte, 128)
+        n, err = s.Read(buf)
+        if err != nil {
+                log.Fatal(err)
+        }
+        log.Print("%q", buf[:n])
+}
+```
+
+Possible Future Work
+-------------------- 
+- better tests (loopback etc)

Godeps/_workspace/src/github.com/tarm/goserial/basic_test.go

@@ -0,0 +1,61 @@
+package serial
+
+import (
+	"testing"
+	"time"
+)
+
+func TestConnection(t *testing.T) {
+	c0 := &Config{Name: "/dev/ttyUSB0", Baud: 115200}
+	c1 := &Config{Name: "/dev/ttyUSB1", Baud: 115200}
+
+	s1, err := OpenPort(c0)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	s2, err := OpenPort(c1)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	ch := make(chan int, 1)
+	go func() {
+		buf := make([]byte, 128)
+		var readCount int
+		for {
+			n, err := s2.Read(buf)
+			if err != nil {
+				t.Fatal(err)
+			}
+			readCount++
+			t.Logf("Read %v %v bytes: % 02x %s", readCount, n, buf[:n], buf[:n])
+			select {
+			case <-ch:
+				ch <- readCount
+				close(ch)
+			default:
+			}
+		}
+	}()
+
+	if _, err = s1.Write([]byte("hello")); err != nil {
+		t.Fatal(err)
+	}
+	if _, err = s1.Write([]byte(" ")); err != nil {
+		t.Fatal(err)
+	}
+	time.Sleep(time.Second)
+	if _, err = s1.Write([]byte("world")); err != nil {
+		t.Fatal(err)
+	}
+	time.Sleep(time.Second / 10)
+
+	ch <- 0
+	s1.Write([]byte(" ")) // We could be blocked in the read without this
+	c := <-ch
+	exp := 5
+	if c >= exp {
+		t.Fatalf("Expected less than %v read, got %v", exp, c)
+	}
+}

Godeps/_workspace/src/github.com/tarm/goserial/serial.go

@@ -0,0 +1,99 @@
+/*
+Goserial is a simple go package to allow you to read and write from
+the serial port as a stream of bytes.
+
+It aims to have the same API on all platforms, including windows.  As
+an added bonus, the windows package does not use cgo, so you can cross
+compile for windows from another platform.  Unfortunately goinstall
+does not currently let you cross compile so you will have to do it
+manually:
+
+ GOOS=windows make clean install
+
+Currently there is very little in the way of configurability.  You can
+set the baud rate.  Then you can Read(), Write(), or Close() the
+connection.  Read() will block until at least one byte is returned.
+Write is the same.  There is currently no exposed way to set the
+timeouts, though patches are welcome.
+
+Currently all ports are opened with 8 data bits, 1 stop bit, no
+parity, no hardware flow control, and no software flow control.  This
+works fine for many real devices and many faux serial devices
+including usb-to-serial converters and bluetooth serial ports.
+
+You may Read() and Write() simulantiously on the same connection (from
+different goroutines).
+
+Example usage:
+
+  package main
+
+  import (
+        "github.com/tarm/goserial"
+        "log"
+  )
+
+  func main() {
+        c := &serial.Config{Name: "COM5", Baud: 115200}
+        s, err := serial.OpenPort(c)
+        if err != nil {
+                log.Fatal(err)
+        }
+
+        n, err := s.Write([]byte("test"))
+        if err != nil {
+                log.Fatal(err)
+        }
+
+        buf := make([]byte, 128)
+        n, err = s.Read(buf)
+        if err != nil {
+                log.Fatal(err)
+        }
+        log.Print("%q", buf[:n])
+  }
+*/
+package serial
+
+import "io"
+
+// Config contains the information needed to open a serial port.
+//
+// Currently few options are implemented, but more may be added in the
+// future (patches welcome), so it is recommended that you create a
+// new config addressing the fields by name rather than by order.
+//
+// For example:
+//
+//    c0 := &serial.Config{Name: "COM45", Baud: 115200}
+// or
+//    c1 := new(serial.Config)
+//    c1.Name = "/dev/tty.usbserial"
+//    c1.Baud = 115200
+//
+type Config struct {
+	Name string
+	Baud int
+
+	// Size     int // 0 get translated to 8
+	// Parity   SomeNewTypeToGetCorrectDefaultOf_None
+	// StopBits SomeNewTypeToGetCorrectDefaultOf_1
+
+	// RTSFlowControl bool
+	// DTRFlowControl bool
+	// XONFlowControl bool
+
+	// CRLFTranslate bool
+	// TimeoutStuff int
+}
+
+// OpenPort opens a serial port with the specified configuration
+func OpenPort(c *Config) (io.ReadWriteCloser, error) {
+	return openPort(c.Name, c.Baud)
+}
+
+// func Flush()
+
+// func SendBreak()
+
+// func RegisterBreakHandler(func())

Godeps/_workspace/src/github.com/tarm/goserial/serial_linux.go

@@ -0,0 +1,90 @@
+// +build linux,!cgo
+
+package serial
+
+import (
+	"io"
+	"os"
+	"syscall"
+	"unsafe"
+)
+
+func openPort(name string, baud int) (rwc io.ReadWriteCloser, err error) {
+
+	var bauds = map[int]uint32{
+		50:      syscall.B50,
+		75:      syscall.B75,
+		110:     syscall.B110,
+		134:     syscall.B134,
+		150:     syscall.B150,
+		200:     syscall.B200,
+		300:     syscall.B300,
+		600:     syscall.B600,
+		1200:    syscall.B1200,
+		1800:    syscall.B1800,
+		2400:    syscall.B2400,
+		4800:    syscall.B4800,
+		9600:    syscall.B9600,
+		19200:   syscall.B19200,
+		38400:   syscall.B38400,
+		57600:   syscall.B57600,
+		115200:  syscall.B115200,
+		230400:  syscall.B230400,
+		460800:  syscall.B460800,
+		500000:  syscall.B500000,
+		576000:  syscall.B576000,
+		921600:  syscall.B921600,
+		1000000: syscall.B1000000,
+		1152000: syscall.B1152000,
+		1500000: syscall.B1500000,
+		2000000: syscall.B2000000,
+		2500000: syscall.B2500000,
+		3000000: syscall.B3000000,
+		3500000: syscall.B3500000,
+		4000000: syscall.B4000000,
+	}
+
+	rate := bauds[baud]
+
+	if rate == 0 {
+		return
+	}
+
+	f, err := os.OpenFile(name, syscall.O_RDWR|syscall.O_NOCTTY|syscall.O_NONBLOCK, 0666)
+	if err != nil {
+		return nil, err
+	}
+
+	defer func() {
+		if err != nil && f != nil {
+			f.Close()
+		}
+	}()
+
+	fd := f.Fd()
+	t := syscall.Termios{
+		Iflag:  syscall.IGNPAR,
+		Cflag:  syscall.CS8 | syscall.CREAD | syscall.CLOCAL | rate,
+		Cc:     [32]uint8{syscall.VMIN: 1},
+		Ispeed: rate,
+		Ospeed: rate,
+	}
+
+	if _, _, errno := syscall.Syscall6(
+		syscall.SYS_IOCTL,
+		uintptr(fd),
+		uintptr(syscall.TCSETS),
+		uintptr(unsafe.Pointer(&t)),
+		0,
+		0,
+		0,
+	); errno != 0 {
+		return nil, errno
+	}
+
+	if err = syscall.SetNonblock(int(fd), false); err != nil {
+		return
+	}
+
+	return f, nil
+}

Godeps/_workspace/src/github.com/tarm/goserial/serial_posix.go

@@ -0,0 +1,107 @@
+// +build !windows,cgo
+
+package serial
+
+// #include <termios.h>
+// #include <unistd.h>
+import "C"
+
+// TODO: Maybe change to using syscall package + ioctl instead of cgo
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"syscall"
+	//"unsafe"
+)
+
+func openPort(name string, baud int) (rwc io.ReadWriteCloser, err error) {
+	f, err := os.OpenFile(name, syscall.O_RDWR|syscall.O_NOCTTY|syscall.O_NONBLOCK, 0666)
+	if err != nil {
+		return
+	}
+
+	fd := C.int(f.Fd())
+	if C.isatty(fd) != 1 {
+		f.Close()
+		return nil, errors.New("File is not a tty")
+	}
+
+	var st C.struct_termios
+	_, err = C.tcgetattr(fd, &st)
+	if err != nil {
+		f.Close()
+		return nil, err
+	}
+	var speed C.speed_t
+	switch baud {
+	case 115200:
+		speed = C.B115200
+	case 57600:
+		speed = C.B57600
+	case 38400:
+		speed = C.B38400
+	case 19200:
+		speed = C.B19200
+	case 9600:
+		speed = C.B9600
+	case 4800:
+		speed = C.B4800
+	case 2400:
+		speed = C.B2400
+	default:
+		f.Close()
+		return nil, fmt.Errorf("Unknown baud rate %v", baud)
+	}
+
+	_, err = C.cfsetispeed(&st, speed)
+	if err != nil {
+		f.Close()
+		return nil, err
+	}
+	_, err = C.cfsetospeed(&st, speed)
+	if err != nil {
+		f.Close()
+		return nil, err
+	}
+
+	// Select local mode
+	st.c_cflag |= (C.CLOCAL | C.CREAD)
+
+	// Select raw mode
+	st.c_lflag &= ^C.tcflag_t(C.ICANON | C.ECHO | C.ECHOE | C.ISIG)
+	st.c_oflag &= ^C.tcflag_t(C.OPOST)
+
+	_, err = C.tcsetattr(fd, C.TCSANOW, &st)
+	if err != nil {
+		f.Close()
+		return nil, err
+	}
+
+	//fmt.Println("Tweaking", name)
+	r1, _, e := syscall.Syscall(syscall.SYS_FCNTL,
+		uintptr(f.Fd()),
+		uintptr(syscall.F_SETFL),
+		uintptr(0))
+	if e != 0 || r1 != 0 {
+		s := fmt.Sprint("Clearing NONBLOCK syscall error:", e, r1)
+		f.Close()
+		return nil, errors.New(s)
+	}
+
+	/*
+				r1, _, e = syscall.Syscall(syscall.SYS_IOCTL,
+			                uintptr(f.Fd()),
+			                uintptr(0x80045402), // IOSSIOSPEED
+			                uintptr(unsafe.Pointer(&baud)));
+			        if e != 0 || r1 != 0 {
+			                s := fmt.Sprint("Baudrate syscall error:", e, r1)
+					f.Close()
+		                        return nil, os.NewError(s)
+				}
+	*/
+
+	return f, nil
+}

Godeps/_workspace/src/github.com/tarm/goserial/serial_windows.go

@@ -0,0 +1,263 @@
+// +build windows
+
+package serial
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"sync"
+	"syscall"
+	"unsafe"
+)
+
+type serialPort struct {
+	f  *os.File
+	fd syscall.Handle
+	rl sync.Mutex
+	wl sync.Mutex
+	ro *syscall.Overlapped
+	wo *syscall.Overlapped
+}
+
+type structDCB struct {
+	DCBlength, BaudRate                            uint32
+	flags                                          [4]byte
+	wReserved, XonLim, XoffLim                     uint16
+	ByteSize, Parity, StopBits                     byte
+	XonChar, XoffChar, ErrorChar, EofChar, EvtChar byte
+	wReserved1                                     uint16
+}
+
+type structTimeouts struct {
+	ReadIntervalTimeout         uint32
+	ReadTotalTimeoutMultiplier  uint32
+	ReadTotalTimeoutConstant    uint32
+	WriteTotalTimeoutMultiplier uint32
+	WriteTotalTimeoutConstant   uint32
+}
+
+func openPort(name string, baud int) (rwc io.ReadWriteCloser, err error) {
+	if len(name) > 0 && name[0] != '\\' {
+		name = "\\\\.\\" + name
+	}
+
+	h, err := syscall.CreateFile(syscall.StringToUTF16Ptr(name),
+		syscall.GENERIC_READ|syscall.GENERIC_WRITE,
+		0,
+		nil,
+		syscall.OPEN_EXISTING,
+		syscall.FILE_ATTRIBUTE_NORMAL|syscall.FILE_FLAG_OVERLAPPED,
+		0)
+	if err != nil {
+		return nil, err
+	}
+	f := os.NewFile(uintptr(h), name)
+	defer func() {
+		if err != nil {
+			f.Close()
+		}
+	}()
+
+	if err = setCommState(h, baud); err != nil {
+		return
+	}
+	if err = setupComm(h, 64, 64); err != nil {
+		return
+	}
+	if err = setCommTimeouts(h); err != nil {
+		return
+	}
+	if err = setCommMask(h); err != nil {
+		return
+	}
+
+	ro, err := newOverlapped()
+	if err != nil {
+		return
+	}
+	wo, err := newOverlapped()
+	if err != nil {
+		return
+	}
+	port := new(serialPort)
+	port.f = f
+	port.fd = h
+	port.ro = ro
+	port.wo = wo
+
+	return port, nil
+}
+
+func (p *serialPort) Close() error {
+	return p.f.Close()
+}
+
+func (p *serialPort) Write(buf []byte) (int, error) {
+	p.wl.Lock()
+	defer p.wl.Unlock()
+
+	if err := resetEvent(p.wo.HEvent); err != nil {
+		return 0, err
+	}
+	var n uint32
+	err := syscall.WriteFile(p.fd, buf, &n, p.wo)
+	if err != nil && err != syscall.ERROR_IO_PENDING {
+		return int(n), err
+	}
+	return getOverlappedResult(p.fd, p.wo)
+}
+
+func (p *serialPort) Read(buf []byte) (int, error) {
+	if p == nil || p.f == nil {
+		return 0, fmt.Errorf("Invalid port on read %v %v", p, p.f)
+	}
+
+	p.rl.Lock()
+	defer p.rl.Unlock()
+
+	if err := resetEvent(p.ro.HEvent); err != nil {
+		return 0, err
+	}
+	var done uint32
+	err := syscall.ReadFile(p.fd, buf, &done, p.ro)
+	if err != nil && err != syscall.ERROR_IO_PENDING {
+		return int(done), err
+	}
+	return getOverlappedResult(p.fd, p.ro)
+}
+
+var (
+	nSetCommState,
+	nSetCommTimeouts,
+	nSetCommMask,
+	nSetupComm,
+	nGetOverlappedResult,
+	nCreateEvent,
+	nResetEvent uintptr
+)
+
+func init() {
+	k32, err := syscall.LoadLibrary("kernel32.dll")
+	if err != nil {
+		panic("LoadLibrary " + err.Error())
+	}
+	defer syscall.FreeLibrary(k32)
+
+	nSetCommState = getProcAddr(k32, "SetCommState")
+	nSetCommTimeouts = getProcAddr(k32, "SetCommTimeouts")
+	nSetCommMask = getProcAddr(k32, "SetCommMask")
+	nSetupComm = getProcAddr(k32, "SetupComm")
+	nGetOverlappedResult = getProcAddr(k32, "GetOverlappedResult")
+	nCreateEvent = getProcAddr(k32, "CreateEventW")
+	nResetEvent = getProcAddr(k32, "ResetEvent")
+}
+
+func getProcAddr(lib syscall.Handle, name string) uintptr {
+	addr, err := syscall.GetProcAddress(lib, name)
+	if err != nil {
+		panic(name + " " + err.Error())
+	}
+	return addr
+}
+
+func setCommState(h syscall.Handle, baud int) error {
+	var params structDCB
+	params.DCBlength = uint32(unsafe.Sizeof(params))
+
+	params.flags[0] = 0x01  // fBinary
+	params.flags[0] |= 0x10 // Assert DSR
+
+	params.BaudRate = uint32(baud)
+	params.ByteSize = 8
+
+	r, _, err := syscall.Syscall(nSetCommState, 2, uintptr(h), uintptr(unsafe.Pointer(&params)), 0)
+	if r == 0 {
+		return err
+	}
+	return nil
+}
+
+func setCommTimeouts(h syscall.Handle) error {
+	var timeouts structTimeouts
+	const MAXDWORD = 1<<32 - 1
+	timeouts.ReadIntervalTimeout = MAXDWORD
+	timeouts.ReadTotalTimeoutMultiplier = MAXDWORD
+	timeouts.ReadTotalTimeoutConstant = MAXDWORD - 1
+
+	/* From http://msdn.microsoft.com/en-us/library/aa363190(v=VS.85).aspx
+
+		 For blocking I/O see below:
+
+		 Remarks:
+
+		 If an application sets ReadIntervalTimeout and
+		 ReadTotalTimeoutMultiplier to MAXDWORD and sets
+		 ReadTotalTimeoutConstant to a value greater than zero and
+		 less than MAXDWORD, one of the following occurs when the
+		 ReadFile function is called:
+
+		 If there are any bytes in the input buffer, ReadFile returns
+		       immediately with the bytes in the buffer.
+
+		 If there are no bytes in the input buffer, ReadFile waits
+	               until a byte arrives and then returns immediately.
+
+		 If no bytes arrive within the time specified by
+		       ReadTotalTimeoutConstant, ReadFile times out.
+	*/
+
+	r, _, err := syscall.Syscall(nSetCommTimeouts, 2, uintptr(h), uintptr(unsafe.Pointer(&timeouts)), 0)
+	if r == 0 {
+		return err
+	}
+	return nil
+}
+
+func setupComm(h syscall.Handle, in, out int) error {
+	r, _, err := syscall.Syscall(nSetupComm, 3, uintptr(h), uintptr(in), uintptr(out))
+	if r == 0 {
+		return err
+	}
+	return nil
+}
+
+func setCommMask(h syscall.Handle) error {
+	const EV_RXCHAR = 0x0001
+	r, _, err := syscall.Syscall(nSetCommMask, 2, uintptr(h), EV_RXCHAR, 0)
+	if r == 0 {
+		return err
+	}
+	return nil
+}
+
+func resetEvent(h syscall.Handle) error {
+	r, _, err := syscall.Syscall(nResetEvent, 1, uintptr(h), 0, 0)
+	if r == 0 {
+		return err
+	}
+	return nil
+}
+
+func newOverlapped() (*syscall.Overlapped, error) {
+	var overlapped syscall.Overlapped
+	r, _, err := syscall.Syscall6(nCreateEvent, 4, 0, 1, 0, 0, 0, 0)
+	if r == 0 {
+		return nil, err
+	}
+	overlapped.HEvent = syscall.Handle(r)
+	return &overlapped, nil
+}
+
+func getOverlappedResult(h syscall.Handle, overlapped *syscall.Overlapped) (int, error) {
+	var n int
+	r, _, err := syscall.Syscall6(nGetOverlappedResult, 4,
+		uintptr(h),
+		uintptr(unsafe.Pointer(overlapped)),
+		uintptr(unsafe.Pointer(&n)), 1, 0, 0)
+	if r == 0 {
+		return n, err
+	}
+
+	return n, nil
+}

Godeps/_workspace/src/gopkg.in/yaml.v1/LICENSE.libyaml

@@ -1,3 +1,15 @@
+The following files were ported to Go from C files of libyaml, and thus
+are still covered by their original copyright and license:
+
+    apic.go
+    emitterc.go
+    parserc.go
+    readerc.go
+    scannerc.go
+    writerc.go
+    yamlh.go
+    yamlprivateh.go
+
 Copyright (c) 2006 Kirill Simonov
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of

Godeps/_workspace/src/gopkg.in/yaml.v1/README.md

@@ -0,0 +1,128 @@
+# YAML support for the Go language
+
+Introduction
+------------
+
+The yaml package enables Go programs to comfortably encode and decode YAML
+values. It was developed within [Canonical](https://www.canonical.com) as
+part of the [juju](https://juju.ubuntu.com) project, and is based on a
+pure Go port of the well-known [libyaml](http://pyyaml.org/wiki/LibYAML)
+C library to parse and generate YAML data quickly and reliably.
+
+Compatibility
+-------------
+
+The yaml package is almost compatible with YAML 1.1, including support for
+anchors, tags, etc. There are still a few missing bits, such as document
+merging, base-60 floats (huh?), and multi-document unmarshalling. These
+features are not hard to add, and will be introduced as necessary.
+
+Installation and usage
+----------------------
+
+The import path for the package is *gopkg.in/yaml.v1*.
+
+To install it, run:
+
+    go get gopkg.in/yaml.v1
+
+API documentation
+-----------------
+
+If opened in a browser, the import path itself leads to the API documentation:
+
+  * [https://gopkg.in/yaml.v1](https://gopkg.in/yaml.v1)
+
+API stability
+-------------
+
+The package API for yaml v1 will remain stable as described in [gopkg.in](https://gopkg.in).
+
+
+License
+-------
+
+The yaml package is licensed under the LGPL with an exception that allows it to be linked statically. Please see the LICENSE file for details.
+
+
+Example
+-------
+
+```Go
+package main
+
+import (
+        "fmt"
+        "log"
+
+        "gopkg.in/yaml.v1"
+)
+
+var data = `
+a: Easy!
+b:
+  c: 2
+  d: [3, 4]
+`
+
+type T struct {
+        A string
+        B struct{C int; D []int ",flow"}
+}
+
+func main() {
+        t := T{}
+    
+        err := yaml.Unmarshal([]byte(data), &t)
+        if err != nil {
+                log.Fatalf("error: %v", err)
+        }
+        fmt.Printf("--- t:\n%v\n\n", t)
+    
+        d, err := yaml.Marshal(&t)
+        if err != nil {
+                log.Fatalf("error: %v", err)
+        }
+        fmt.Printf("--- t dump:\n%s\n\n", string(d))
+    
+        m := make(map[interface{}]interface{})
+    
+        err = yaml.Unmarshal([]byte(data), &m)
+        if err != nil {
+                log.Fatalf("error: %v", err)
+        }
+        fmt.Printf("--- m:\n%v\n\n", m)
+    
+        d, err = yaml.Marshal(&m)
+        if err != nil {
+                log.Fatalf("error: %v", err)
+        }
+        fmt.Printf("--- m dump:\n%s\n\n", string(d))
+}
+```
+
+This example will generate the following output:
+
+```
+--- t:
+{Easy! {2 [3 4]}}
+
+--- t dump:
+a: Easy!
+b:
+  c: 2
+  d: [3, 4]
+
+
+--- m:
+map[a:Easy! b:map[c:2 d:[3 4]]]
+
+--- m dump:
+a: Easy!
+b:
+  c: 2
+  d:
+  - 3
+  - 4
+```
+

Godeps/_workspace/src/gopkg.in/yaml.v1/apic.go

@@ -1,4 +1,4 @@
-package goyaml
+package yaml
 
 import (
 	"io"

Godeps/_workspace/src/gopkg.in/yaml.v1/decode.go

@@ -1,8 +1,9 @@
-package goyaml
+package yaml
 
 import (
 	"reflect"
 	"strconv"
+	"time"
 )
 
 const (
@@ -211,6 +212,16 @@ func newDecoder() *decoder {
 //   returned to call SetYAML() with the value of *out once it's defined.
 //
 func (d *decoder) setter(tag string, out *reflect.Value, good *bool) (set func()) {
+	if (*out).Kind() != reflect.Ptr && (*out).CanAddr() {
+		setter, _ := (*out).Addr().Interface().(Setter)
+		if setter != nil {
+			var arg interface{}
+			*out = reflect.ValueOf(&arg).Elem()
+			return func() {
+				*good = setter.SetYAML(tag, arg)
+			}
+		}
+	}
 	again := true
 	for again {
 		again = false
@@ -279,16 +290,19 @@ func (d *decoder) alias(n *node, out reflect.Value) (good bool) {
 	return good
 }
 
+var durationType = reflect.TypeOf(time.Duration(0))
+
 func (d *decoder) scalar(n *node, out reflect.Value) (good bool) {
 	var tag string
 	var resolved interface{}
 	if n.tag == "" && !n.implicit {
+		tag = "!!str"
 		resolved = n.value
 	} else {
 		tag, resolved = resolve(n.tag, n.value)
-		if set := d.setter(tag, &out, &good); set != nil {
-			defer set()
-		}
+	}
+	if set := d.setter(tag, &out, &good); set != nil {
+		defer set()
 	}
 	switch out.Kind() {
 	case reflect.String:
@@ -320,6 +334,14 @@ func (d *decoder) scalar(n *node, out reflect.Value) (good bool) {
 				out.SetInt(int64(resolved))
 				good = true
 			}
+		case string:
+			if out.Type() == durationType {
+				d, err := time.ParseDuration(resolved)
+				if err == nil {
+					out.SetInt(int64(d))
+					good = true
+				}
+			}
 		}
 	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
 		switch resolved := resolved.(type) {
@@ -437,6 +459,10 @@ func (d *decoder) mapping(n *node, out reflect.Value) (good bool) {
 	}
 	l := len(n.children)
 	for i := 0; i < l; i += 2 {
+		if isMerge(n.children[i]) {
+			d.merge(n.children[i+1], out)
+			continue
+		}
 		k := reflect.New(kt).Elem()
 		if d.unmarshal(n.children[i], k) {
 			e := reflect.New(et).Elem()
@@ -456,7 +482,12 @@ func (d *decoder) mappingStruct(n *node, out reflect.Value) (good bool) {
 	name := settableValueOf("")
 	l := len(n.children)
 	for i := 0; i < l; i += 2 {
-		if !d.unmarshal(n.children[i], name) {
+		ni := n.children[i]
+		if isMerge(ni) {
+			d.merge(n.children[i+1], out)
+			continue
+		}
+		if !d.unmarshal(ni, name) {
 			continue
 		}
 		if info, ok := sinfo.FieldsMap[name.String()]; ok {
@@ -471,3 +502,37 @@ func (d *decoder) mappingStruct(n *node, out reflect.Value) (good bool) {
 	}
 	return true
 }
+
+func (d *decoder) merge(n *node, out reflect.Value) {
+	const wantMap = "map merge requires map or sequence of maps as the value"
+	switch n.kind {
+	case mappingNode:
+		d.unmarshal(n, out)
+	case aliasNode:
+		an, ok := d.doc.anchors[n.value]
+		if ok && an.kind != mappingNode {
+			panic(wantMap)
+		}
+		d.unmarshal(n, out)
+	case sequenceNode:
+		// Step backwards as earlier nodes take precedence.
+		for i := len(n.children)-1; i >= 0; i-- {
+			ni := n.children[i]
+			if ni.kind == aliasNode {
+				an, ok := d.doc.anchors[ni.value]
+				if ok && an.kind != mappingNode {
+					panic(wantMap)
+				}
+			} else if ni.kind != mappingNode {
+				panic(wantMap)
+			}
+			d.unmarshal(ni, out)
+		}
+	default:
+		panic(wantMap)
+	}
+}
+
+func isMerge(n *node) bool {
+	return n.kind == scalarNode && n.value == "<<" && (n.implicit == true || n.tag == "!!merge" || n.tag == "tag:yaml.org,2002:merge")
+}

Godeps/_workspace/src/gopkg.in/yaml.v1/decode_test.go

@@ -1,10 +1,11 @@
-package goyaml_test
+package yaml_test
 
 import (
-	. "launchpad.net/gocheck"
-	"github.com/coreos/coreos-cloudinit/third_party/launchpad.net/goyaml"
+	. "gopkg.in/check.v1"
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/gopkg.in/yaml.v1"
 	"math"
 	"reflect"
+	"time"
 )
 
 var unmarshalIntTest = 123
@@ -350,6 +351,32 @@ var unmarshalTests = []struct {
 			C inlineB `yaml:",inline"`
 		}{1, inlineB{2, inlineC{3}}},
 	},
+
+	// bug 1243827
+	{
+		"a: -b_c",
+		map[string]interface{}{"a": "-b_c"},
+	},
+	{
+		"a: +b_c",
+		map[string]interface{}{"a": "+b_c"},
+	},
+	{
+		"a: 50cent_of_dollar",
+		map[string]interface{}{"a": "50cent_of_dollar"},
+	},
+
+	// Duration
+	{
+		"a: 3s",
+		map[string]time.Duration{"a": 3 * time.Second},
+	},
+
+	// Issue #24.
+	{
+		"a: <foo>",
+		map[string]string{"a": "<foo>"},
+	},
 }
 
 type inlineB struct {
@@ -377,7 +404,7 @@ func (s *S) TestUnmarshal(c *C) {
 			pv := reflect.New(pt.Elem())
 			value = pv.Interface()
 		}
-		err := goyaml.Unmarshal([]byte(item.data), value)
+		err := yaml.Unmarshal([]byte(item.data), value)
 		c.Assert(err, IsNil, Commentf("Item #%d", i))
 		if t.Kind() == reflect.String {
 			c.Assert(*value.(*string), Equals, item.value, Commentf("Item #%d", i))
@@ -389,7 +416,7 @@ func (s *S) TestUnmarshal(c *C) {
 
 func (s *S) TestUnmarshalNaN(c *C) {
 	value := map[string]interface{}{}
-	err := goyaml.Unmarshal([]byte("notanum: .NaN"), &value)
+	err := yaml.Unmarshal([]byte("notanum: .NaN"), &value)
 	c.Assert(err, IsNil)
 	c.Assert(math.IsNaN(value["notanum"].(float64)), Equals, true)
 }
@@ -408,7 +435,7 @@ var unmarshalErrorTests = []struct {
 func (s *S) TestUnmarshalErrors(c *C) {
 	for _, item := range unmarshalErrorTests {
 		var value interface{}
-		err := goyaml.Unmarshal([]byte(item.data), &value)
+		err := yaml.Unmarshal([]byte(item.data), &value)
 		c.Assert(err, ErrorMatches, item.error, Commentf("Partial unmarshal: %#v", value))
 	}
 }
@@ -421,6 +448,8 @@ var setterTests = []struct {
 	{"_: [1,A]", "!!seq", []interface{}{1, "A"}},
 	{"_: 10", "!!int", 10},
 	{"_: null", "!!null", nil},
+	{`_: BAR!`, "!!str", "BAR!"},
+	{`_: "BAR!"`, "!!str", "BAR!"},
 	{"_: !!foo 'BAR!'", "!!foo", "BAR!"},
 }
 
@@ -442,17 +471,31 @@ func (o *typeWithSetter) SetYAML(tag string, value interface{}) (ok bool) {
 	return true
 }
 
-type typeWithSetterField struct {
+type setterPointerType struct {
 	Field *typeWithSetter "_"
 }
 
-func (s *S) TestUnmarshalWithSetter(c *C) {
+type setterValueType struct {
+	Field typeWithSetter "_"
+}
+
+func (s *S) TestUnmarshalWithPointerSetter(c *C) {
 	for _, item := range setterTests {
-		obj := &typeWithSetterField{}
-		err := goyaml.Unmarshal([]byte(item.data), obj)
+		obj := &setterPointerType{}
+		err := yaml.Unmarshal([]byte(item.data), obj)
 		c.Assert(err, IsNil)
-		c.Assert(obj.Field, NotNil,
-			Commentf("Pointer not initialized (%#v)", item.value))
+		c.Assert(obj.Field, NotNil, Commentf("Pointer not initialized (%#v)", item.value))
+		c.Assert(obj.Field.tag, Equals, item.tag)
+		c.Assert(obj.Field.value, DeepEquals, item.value)
+	}
+}
+
+func (s *S) TestUnmarshalWithValueSetter(c *C) {
+	for _, item := range setterTests {
+		obj := &setterValueType{}
+		err := yaml.Unmarshal([]byte(item.data), obj)
+		c.Assert(err, IsNil)
+		c.Assert(obj.Field, NotNil, Commentf("Pointer not initialized (%#v)", item.value))
 		c.Assert(obj.Field.tag, Equals, item.tag)
 		c.Assert(obj.Field.value, DeepEquals, item.value)
 	}
@@ -460,7 +503,7 @@ func (s *S) TestUnmarshalWithSetter(c *C) {
 
 func (s *S) TestUnmarshalWholeDocumentWithSetter(c *C) {
 	obj := &typeWithSetter{}
-	err := goyaml.Unmarshal([]byte(setterTests[0].data), obj)
+	err := yaml.Unmarshal([]byte(setterTests[0].data), obj)
 	c.Assert(err, IsNil)
 	c.Assert(obj.tag, Equals, setterTests[0].tag)
 	value, ok := obj.value.(map[interface{}]interface{})
@@ -477,8 +520,8 @@ func (s *S) TestUnmarshalWithFalseSetterIgnoresValue(c *C) {
 	}()
 
 	m := map[string]*typeWithSetter{}
-	data := "{abc: 1, def: 2, ghi: 3, jkl: 4}"
-	err := goyaml.Unmarshal([]byte(data), m)
+	data := `{abc: 1, def: 2, ghi: 3, jkl: 4}`
+	err := yaml.Unmarshal([]byte(data), m)
 	c.Assert(err, IsNil)
 	c.Assert(m["abc"], NotNil)
 	c.Assert(m["def"], IsNil)
@@ -489,6 +532,98 @@ func (s *S) TestUnmarshalWithFalseSetterIgnoresValue(c *C) {
 	c.Assert(m["ghi"].value, Equals, 3)
 }
 
+// From http://yaml.org/type/merge.html
+var mergeTests = `
+anchors:
+  - &CENTER { "x": 1, "y": 2 }
+  - &LEFT   { "x": 0, "y": 2 }
+  - &BIG    { "r": 10 }
+  - &SMALL  { "r": 1 }
+
+# All the following maps are equal:
+
+plain:
+  # Explicit keys
+  "x": 1
+  "y": 2
+  "r": 10
+  label: center/big
+
+mergeOne:
+  # Merge one map
+  << : *CENTER
+  "r": 10
+  label: center/big
+
+mergeMultiple:
+  # Merge multiple maps
+  << : [ *CENTER, *BIG ]
+  label: center/big
+
+override:
+  # Override
+  << : [ *BIG, *LEFT, *SMALL ]
+  "x": 1
+  label: center/big
+
+shortTag:
+  # Explicit short merge tag
+  !!merge "<<" : [ *CENTER, *BIG ]
+  label: center/big
+
+longTag:
+  # Explicit merge long tag
+  !<tag:yaml.org,2002:merge> "<<" : [ *CENTER, *BIG ]
+  label: center/big
+
+inlineMap:
+  # Inlined map 
+  << : {"x": 1, "y": 2, "r": 10}
+  label: center/big
+
+inlineSequenceMap:
+  # Inlined map in sequence
+  << : [ *CENTER, {"r": 10} ]
+  label: center/big
+`
+
+func (s *S) TestMerge(c *C) {
+	var want = map[interface{}]interface{}{
+		"x":     1,
+		"y":     2,
+		"r":     10,
+		"label": "center/big",
+	}
+
+	var m map[string]interface{}
+	err := yaml.Unmarshal([]byte(mergeTests), &m)
+	c.Assert(err, IsNil)
+	for name, test := range m {
+		if name == "anchors" {
+			continue
+		}
+		c.Assert(test, DeepEquals, want, Commentf("test %q failed", name))
+	}
+}
+
+func (s *S) TestMergeStruct(c *C) {
+	type Data struct {
+		X, Y, R int
+		Label   string
+	}
+	want := Data{1, 2, 10, "center/big"}
+
+	var m map[string]Data
+	err := yaml.Unmarshal([]byte(mergeTests), &m)
+	c.Assert(err, IsNil)
+	for name, test := range m {
+		if name == "anchors" {
+			continue
+		}
+		c.Assert(test, Equals, want, Commentf("test %q failed", name))
+	}
+}
+
 //var data []byte
 //func init() {
 //	var err error
@@ -502,7 +637,7 @@ func (s *S) TestUnmarshalWithFalseSetterIgnoresValue(c *C) {
 //	var err error
 //	for i := 0; i < c.N; i++ {
 //		var v map[string]interface{}
-//		err = goyaml.Unmarshal(data, &v)
+//		err = yaml.Unmarshal(data, &v)
 //	}
 //	if err != nil {
 //		panic(err)
@@ -511,9 +646,9 @@ func (s *S) TestUnmarshalWithFalseSetterIgnoresValue(c *C) {
 //
 //func (s *S) BenchmarkMarshal(c *C) {
 //	var v map[string]interface{}
-//	goyaml.Unmarshal(data, &v)
+//	yaml.Unmarshal(data, &v)
 //	c.ResetTimer()
 //	for i := 0; i < c.N; i++ {
-//		goyaml.Marshal(&v)
+//		yaml.Marshal(&v)
 //	}
 //}

Godeps/_workspace/src/gopkg.in/yaml.v1/emitterc.go

@@ -1,4 +1,4 @@
-package goyaml
+package yaml
 
 import (
 	"bytes"

Godeps/_workspace/src/gopkg.in/yaml.v1/encode.go

@@ -1,9 +1,10 @@
-package goyaml
+package yaml
 
 import (
 	"reflect"
 	"sort"
 	"strconv"
+	"time"
 )
 
 type encoder struct {
@@ -85,7 +86,11 @@ func (e *encoder) marshal(tag string, in reflect.Value) {
 	case reflect.String:
 		e.stringv(tag, in)
 	case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64:
-		e.intv(tag, in)
+		if in.Type() == durationType {
+			e.stringv(tag, reflect.ValueOf(in.Interface().(time.Duration).String()))
+		} else {
+			e.intv(tag, in)
+		}
 	case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr:
 		e.uintv(tag, in)
 	case reflect.Float32, reflect.Float64:

Godeps/_workspace/src/gopkg.in/yaml.v1/encode_test.go

@@ -1,12 +1,13 @@
-package goyaml_test
+package yaml_test
 
 import (
 	"fmt"
-	. "launchpad.net/gocheck"
-	"github.com/coreos/coreos-cloudinit/third_party/launchpad.net/goyaml"
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/gopkg.in/yaml.v1"
+	. "gopkg.in/check.v1"
 	"math"
 	"strconv"
 	"strings"
+	"time"
 )
 
 var marshalIntTest = 123
@@ -212,11 +213,23 @@ var marshalTests = []struct {
 		}{1, inlineB{2, inlineC{3}}},
 		"a: 1\nb: 2\nc: 3\n",
 	},
+
+	// Duration
+	{
+		map[string]time.Duration{"a": 3 * time.Second},
+		"a: 3s\n",
+	},
+
+	// Issue #24.
+	{
+		map[string]string{"a": "<foo>"},
+		"a: <foo>\n",
+	},
 }
 
 func (s *S) TestMarshal(c *C) {
 	for _, item := range marshalTests {
-		data, err := goyaml.Marshal(item.value)
+		data, err := yaml.Marshal(item.value)
 		c.Assert(err, IsNil)
 		c.Assert(string(data), Equals, item.data)
 	}
@@ -237,7 +250,7 @@ var marshalErrorTests = []struct {
 
 func (s *S) TestMarshalErrors(c *C) {
 	for _, item := range marshalErrorTests {
-		_, err := goyaml.Marshal(item.value)
+		_, err := yaml.Marshal(item.value)
 		c.Assert(err, ErrorMatches, item.error)
 	}
 }
@@ -269,12 +282,12 @@ func (s *S) TestMarshalTypeCache(c *C) {
 	var err error
 	func() {
 		type T struct{ A int }
-		data, err = goyaml.Marshal(&T{})
+		data, err = yaml.Marshal(&T{})
 		c.Assert(err, IsNil)
 	}()
 	func() {
 		type T struct{ B int }
-		data, err = goyaml.Marshal(&T{})
+		data, err = yaml.Marshal(&T{})
 		c.Assert(err, IsNil)
 	}()
 	c.Assert(string(data), Equals, "b: 0\n")
@@ -298,7 +311,7 @@ func (s *S) TestMashalWithGetter(c *C) {
 		obj := &typeWithGetterField{}
 		obj.Field.tag = item.tag
 		obj.Field.value = item.value
-		data, err := goyaml.Marshal(obj)
+		data, err := yaml.Marshal(obj)
 		c.Assert(err, IsNil)
 		c.Assert(string(data), Equals, string(item.data))
 	}
@@ -308,7 +321,7 @@ func (s *S) TestUnmarshalWholeDocumentWithGetter(c *C) {
 	obj := &typeWithGetter{}
 	obj.tag = ""
 	obj.value = map[string]string{"hello": "world!"}
-	data, err := goyaml.Marshal(obj)
+	data, err := yaml.Marshal(obj)
 	c.Assert(err, IsNil)
 	c.Assert(string(data), Equals, "hello: world!\n")
 }
@@ -356,7 +369,7 @@ func (s *S) TestSortedOutput(c *C) {
 	for _, k := range order {
 		m[k] = 1
 	}
-	data, err := goyaml.Marshal(m)
+	data, err := yaml.Marshal(m)
 	c.Assert(err, IsNil)
 	out := "\n" + string(data)
 	last := 0

Godeps/_workspace/src/gopkg.in/yaml.v1/parserc.go

@@ -1,4 +1,4 @@
-package goyaml
+package yaml
 
 import (
 	"bytes"

Godeps/_workspace/src/gopkg.in/yaml.v1/readerc.go

@@ -1,4 +1,4 @@
-package goyaml
+package yaml
 
 import (
 	"io"

Godeps/_workspace/src/gopkg.in/yaml.v1/resolve.go

@@ -1,4 +1,4 @@
-package goyaml
+package yaml
 
 import (
 	"math"
@@ -27,7 +27,6 @@ func init() {
 		t[int(c)] = 'M' // In map
 	}
 	t[int('.')] = '.' // Float (potentially in map)
-	t[int('<')] = '<' // Merge
 
 	var resolveMapList = []struct {
 		v   interface{}
@@ -45,6 +44,7 @@ func init() {
 		{math.Inf(+1), "!!float", []string{".inf", ".Inf", ".INF"}},
 		{math.Inf(+1), "!!float", []string{"+.inf", "+.Inf", "+.INF"}},
 		{math.Inf(-1), "!!float", []string{"-.inf", "-.Inf", "-.INF"}},
+		{"<<", "!!merge", []string{"<<"}},
 	}
 
 	m := resolveMap
@@ -113,13 +113,8 @@ func resolve(tag string, in string) (rtag string, out interface{}) {
 
 	case 'D', 'S':
 		// Int, float, or timestamp.
-		for i := 0; i != len(in); i++ {
-			if in[i] == '_' {
-				in = strings.Replace(in, "_", "", -1)
-				break
-			}
-		}
-		intv, err := strconv.ParseInt(in, 0, 64)
+		plain := strings.Replace(in, "_", "", -1)
+		intv, err := strconv.ParseInt(plain, 0, 64)
 		if err == nil {
 			if intv == int64(int(intv)) {
 				return "!!int", int(intv)
@@ -127,26 +122,23 @@ func resolve(tag string, in string) (rtag string, out interface{}) {
 				return "!!int", intv
 			}
 		}
-		floatv, err := strconv.ParseFloat(in, 64)
+		floatv, err := strconv.ParseFloat(plain, 64)
 		if err == nil {
 			return "!!float", floatv
 		}
-		if strings.HasPrefix(in, "0b") {
-			intv, err := strconv.ParseInt(in[2:], 2, 64)
+		if strings.HasPrefix(plain, "0b") {
+			intv, err := strconv.ParseInt(plain[2:], 2, 64)
 			if err == nil {
 				return "!!int", int(intv)
 			}
-		} else if strings.HasPrefix(in, "-0b") {
-			intv, err := strconv.ParseInt(in[3:], 2, 64)
+		} else if strings.HasPrefix(plain, "-0b") {
+			intv, err := strconv.ParseInt(plain[3:], 2, 64)
 			if err == nil {
 				return "!!int", -int(intv)
 			}
 		}
 	// XXX Handle timestamps here.
 
-	case '<':
-		// XXX Handle merge (<<) here.
-
 	default:
 		panic("resolveTable item not yet handled: " +
 			string([]byte{c}) + " (with " + in + ")")

Godeps/_workspace/src/gopkg.in/yaml.v1/scannerc.go

@@ -1,4 +1,4 @@
-package goyaml
+package yaml
 
 import (
 	"bytes"

Godeps/_workspace/src/gopkg.in/yaml.v1/sorter.go

@@ -1,4 +1,4 @@
-package goyaml
+package yaml
 
 import (
 	"reflect"

Godeps/_workspace/src/gopkg.in/yaml.v1/suite_test.go

@@ -1,7 +1,7 @@
-package goyaml_test
+package yaml_test
 
 import (
-	. "launchpad.net/gocheck"
+	. "gopkg.in/check.v1"
 	"testing"
 )
 

Godeps/_workspace/src/gopkg.in/yaml.v1/writerc.go

@@ -1,4 +1,4 @@
-package goyaml
+package yaml
 
 // Set the writer error and return false.
 func yaml_emitter_set_writer_error(emitter *yaml_emitter_t, problem string) bool {

Godeps/_workspace/src/gopkg.in/yaml.v1/yaml.go

@@ -1,5 +1,10 @@
-// Package goyaml implements YAML support for the Go language.
-package goyaml
+// Package yaml implements YAML support for the Go language.
+//
+// Source code and other details for the project are available at GitHub:
+//
+//   https://github.com/go-yaml/yaml
+//
+package yaml
 
 import (
 	"errors"
@@ -28,32 +33,31 @@ func handleErr(err *error) {
 	}
 }
 
-// Objects implementing the goyaml.Setter interface will receive the YAML
-// tag and value via the SetYAML method during unmarshaling, rather than
-// being implicitly assigned by the goyaml machinery.  If setting the value
-// works, the method should return true.  If it returns false, the given
-// value will be omitted from maps and slices.
+// The Setter interface may be implemented by types to do their own custom
+// unmarshalling of YAML values, rather than being implicitly assigned by
+// the yaml package machinery. If setting the value works, the method should
+// return true.  If it returns false, the value is considered unsupported
+// and is omitted from maps and slices.
 type Setter interface {
 	SetYAML(tag string, value interface{}) bool
 }
 
-// Objects implementing the goyaml.Getter interface will get the GetYAML()
-// method called when goyaml is requested to marshal the given value, and
-// the result of this method will be marshaled in place of the actual object.
+// The Getter interface is implemented by types to do their own custom
+// marshalling into a YAML tag and value.
 type Getter interface {
 	GetYAML() (tag string, value interface{})
 }
 
 // Unmarshal decodes the first document found within the in byte slice
-// and assigns decoded values into the object pointed by out.
+// and assigns decoded values into the out value.
 //
-// Maps, pointers to structs and ints, etc, may all be used as out values.
-// If an internal pointer within a struct is not initialized, goyaml
-// will initialize it if necessary for unmarshalling the provided data,
-// but the struct provided as out must not be a nil pointer.
+// Maps and pointers (to a struct, string, int, etc) are accepted as out
+// values.  If an internal pointer within a struct is not initialized,
+// the yaml package will initialize it if necessary for unmarshalling
+// the provided data. The out parameter must not be nil.
 //
 // The type of the decoded values and the type of out will be considered,
-// and Unmarshal() will do the best possible job to unmarshal values
+// and Unmarshal will do the best possible job to unmarshal values
 // appropriately.  It is NOT considered an error, though, to skip values
 // because they are not available in the decoded YAML, or if they are not
 // compatible with the out value. To ensure something was properly
@@ -61,11 +65,11 @@ type Getter interface {
 // field (usually the zero value).
 //
 // Struct fields are only unmarshalled if they are exported (have an
-// upper case first letter), and will be unmarshalled using the field
-// name lowercased by default. When custom field names are desired, the
-// tag value may be used to tweak the name. Everything before the first
-// comma in the field tag will be used as the name. The values following
-// the comma are used to tweak the marshalling process (see Marshal).
+// upper case first letter), and are unmarshalled using the field name
+// lowercased as the default key. Custom keys may be defined via the
+// "yaml" name in the field tag: the content preceding the first comma
+// is used as the key, and the following comma-separated options are
+// used to tweak the marshalling process (see Marshal).
 // Conflicting names result in a runtime error.
 //
 // For example:
@@ -75,7 +79,7 @@ type Getter interface {
 //         B int
 //     }
 //     var T t
-//     goyaml.Unmarshal([]byte("a: 1\nb: 2"), &t)
+//     yaml.Unmarshal([]byte("a: 1\nb: 2"), &t)
 //
 // See the documentation of Marshal for the format of tags and a list of
 // supported tag options.
@@ -94,14 +98,16 @@ func Unmarshal(in []byte, out interface{}) (err error) {
 
 // Marshal serializes the value provided into a YAML document. The structure
 // of the generated document will reflect the structure of the value itself.
-// Maps, pointers to structs and ints, etc, may all be used as the in value.
+// Maps and pointers (to struct, string, int, etc) are accepted as the in value.
 //
-// In the case of struct values, only exported fields will be serialized.
-// The lowercased field name is used as the key for each exported field,
-// but this behavior may be changed using the respective field tag.
-// The tag may also contain flags to tweak the marshalling behavior for
-// the field. Conflicting names result in a runtime error. The tag format
-// accepted is:
+// Struct fields are only unmarshalled if they are exported (have an upper case
+// first letter), and are unmarshalled using the field name lowercased as the
+// default key. Custom keys may be defined via the "yaml" name in the field
+// tag: the content preceding the first comma is used as the key, and the
+// following comma-separated options are used to tweak the marshalling process.
+// Conflicting names result in a runtime error.
+//
+// The field tag format accepted is:
 //
 //     `(...) yaml:"[<key>][,<flag1>[,<flag2>]]" (...)`
 //
@@ -126,8 +132,8 @@ func Unmarshal(in []byte, out interface{}) (err error) {
 //         F int "a,omitempty"
 //         B int
 //     }
-//     goyaml.Marshal(&T{B: 2}) // Returns "b: 2\n"
-//     goyaml.Marshal(&T{F: 1}} // Returns "a: 1\nb: 0\n"
+//     yaml.Marshal(&T{B: 2}) // Returns "b: 2\n"
+//     yaml.Marshal(&T{F: 1}} // Returns "a: 1\nb: 0\n"
 //
 func Marshal(in interface{}) (out []byte, err error) {
 	defer handleErr(&err)
@@ -142,7 +148,7 @@ func Marshal(in interface{}) (out []byte, err error) {
 // --------------------------------------------------------------------------
 // Maintain a mapping of keys to structure field indexes
 
-// The code in this section was copied from gobson.
+// The code in this section was copied from mgo/bson.
 
 // structInfo holds details for the serialization of fields of
 // a given struct.

Godeps/_workspace/src/gopkg.in/yaml.v1/yamlh.go

@@ -1,4 +1,4 @@
-package goyaml
+package yaml
 
 import (
 	"io"

Godeps/_workspace/src/gopkg.in/yaml.v1/yamlprivateh.go

@@ -1,4 +1,4 @@
-package goyaml
+package yaml
 
 const (
 	// The size of the input raw buffer.

LICENSE

@@ -0,0 +1,202 @@
+Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "{}"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright {yyyy} {name of copyright owner}
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+

MAINTAINERS

@@ -0,0 +1,3 @@
+Alex Crawford <alex.crawford@coreos.com> (@crawford)
+Jonathan Boulle <jonathan.boulle@coreos.com> (@jonboulle)
+Brian Waldon <brian.waldon@coreos.com> (@bcwaldon)

NOTICE

@@ -0,0 +1,5 @@
+CoreOS Project
+Copyright 2014 CoreOS, Inc
+
+This product includes software developed at CoreOS, Inc.
+(http://www.coreos.com/).

README.md

@@ -1,4 +1,4 @@
-# coreos-cloudinit
+# coreos-cloudinit [![Build Status](https://travis-ci.org/coreos/coreos-cloudinit.png?branch=master)](https://travis-ci.org/coreos/coreos-cloudinit)
 
 coreos-cloudinit enables a user to customize CoreOS machines by providing either a cloud-config document or an executable script through user-data.
 

build

@@ -1,6 +1,14 @@
 #!/bin/bash -e
 
-export GOBIN=${PWD}/bin
-export GOPATH=${PWD}
+ORG_PATH="github.com/coreos"
+REPO_PATH="${ORG_PATH}/coreos-cloudinit"
 
-go build -o bin/coreos-cloudinit github.com/coreos/coreos-cloudinit
+if [ ! -h gopath/src/${REPO_PATH} ]; then
+	mkdir -p gopath/src/${ORG_PATH}
+	ln -s ../../../.. gopath/src/${REPO_PATH} || exit 255
+fi
+
+export GOBIN=${PWD}/bin
+export GOPATH=${PWD}/gopath
+
+go build -o bin/coreos-cloudinit ${REPO_PATH}

config/config.go

@@ -0,0 +1,186 @@
+/*
+   Copyright 2014 CoreOS, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package config
+
+import (
+	"fmt"
+	"reflect"
+	"strings"
+
+	"github.com/coreos/coreos-cloudinit/Godeps/_workspace/src/gopkg.in/yaml.v1"
+)
+
+// CloudConfig encapsulates the entire cloud-config configuration file and maps
+// directly to YAML. Fields that cannot be set in the cloud-config (fields
+// used for internal use) have the YAML tag '-' so that they aren't marshalled.
+type CloudConfig struct {
+	SSHAuthorizedKeys []string `yaml:"ssh_authorized_keys"`
+	Coreos            struct {
+		Etcd    Etcd    `yaml:"etcd"`
+		Flannel Flannel `yaml:"flannel"`
+		Fleet   Fleet   `yaml:"fleet"`
+		OEM     OEM     `yaml:"oem"`
+		Update  Update  `yaml:"update"`
+		Units   []Unit  `yaml:"units"`
+	} `yaml:"coreos"`
+	WriteFiles        []File   `yaml:"write_files"`
+	Hostname          string   `yaml:"hostname"`
+	Users             []User   `yaml:"users"`
+	ManageEtcHosts    EtcHosts `yaml:"manage_etc_hosts"`
+	NetworkConfigPath string   `yaml:"-"`
+	NetworkConfig     string   `yaml:"-"`
+}
+
+func IsCloudConfig(userdata string) bool {
+	header := strings.SplitN(userdata, "\n", 2)[0]
+
+	// Explicitly trim the header so we can handle user-data from
+	// non-unix operating systems. The rest of the file is parsed
+	// by yaml, which correctly handles CRLF.
+	header = strings.TrimSuffix(header, "\r")
+
+	return (header == "#cloud-config")
+}
+
+// NewCloudConfig instantiates a new CloudConfig from the given contents (a
+// string of YAML), returning any error encountered. It will ignore unknown
+// fields but log encountering them.
+func NewCloudConfig(contents string) (*CloudConfig, error) {
+	var cfg CloudConfig
+	ncontents, err := normalizeConfig(contents)
+	if err != nil {
+		return &cfg, err
+	}
+	if err = yaml.Unmarshal(ncontents, &cfg); err != nil {
+		return &cfg, err
+	}
+	return &cfg, nil
+}
+
+func (cc CloudConfig) String() string {
+	bytes, err := yaml.Marshal(cc)
+	if err != nil {
+		return ""
+	}
+
+	stringified := string(bytes)
+	stringified = fmt.Sprintf("#cloud-config\n%s", stringified)
+
+	return stringified
+}
+
+// IsZero returns whether or not the parameter is the zero value for its type.
+// If the parameter is a struct, only the exported fields are considered.
+func IsZero(c interface{}) bool {
+	return isZero(reflect.ValueOf(c))
+}
+
+type ErrorValid struct {
+	Value string
+	Valid []string
+	Field string
+}
+
+func (e ErrorValid) Error() string {
+	return fmt.Sprintf("invalid value %q for option %q (valid options: %q)", e.Value, e.Field, e.Valid)
+}
+
+// AssertStructValid checks the fields in the structure and makes sure that
+// they contain valid values as specified by the 'valid' flag. Empty fields are
+// implicitly valid.
+func AssertStructValid(c interface{}) error {
+	ct := reflect.TypeOf(c)
+	cv := reflect.ValueOf(c)
+	for i := 0; i < ct.NumField(); i++ {
+		ft := ct.Field(i)
+		if !isFieldExported(ft) {
+			continue
+		}
+
+		if err := AssertValid(cv.Field(i), ft.Tag.Get("valid")); err != nil {
+			err.Field = ft.Name
+			return err
+		}
+	}
+	return nil
+}
+
+// AssertValid checks to make sure that the given value is in the list of
+// valid values. Zero values are implicitly valid.
+func AssertValid(value reflect.Value, valid string) *ErrorValid {
+	if valid == "" || isZero(value) {
+		return nil
+	}
+	vs := fmt.Sprintf("%v", value.Interface())
+	valids := strings.Split(valid, ",")
+	for _, valid := range valids {
+		if vs == valid {
+			return nil
+		}
+	}
+	return &ErrorValid{
+		Value: vs,
+		Valid: valids,
+	}
+}
+
+func isZero(v reflect.Value) bool {
+	switch v.Kind() {
+	case reflect.Struct:
+		vt := v.Type()
+		for i := 0; i < v.NumField(); i++ {
+			if isFieldExported(vt.Field(i)) && !isZero(v.Field(i)) {
+				return false
+			}
+		}
+		return true
+	default:
+		return v.Interface() == reflect.Zero(v.Type()).Interface()
+	}
+}
+
+func isFieldExported(f reflect.StructField) bool {
+	return f.PkgPath == ""
+}
+
+func normalizeConfig(config string) ([]byte, error) {
+	var cfg map[interface{}]interface{}
+	if err := yaml.Unmarshal([]byte(config), &cfg); err != nil {
+		return nil, err
+	}
+	return yaml.Marshal(normalizeKeys(cfg))
+}
+
+func normalizeKeys(m map[interface{}]interface{}) map[interface{}]interface{} {
+	for k, v := range m {
+		if m, ok := m[k].(map[interface{}]interface{}); ok {
+			normalizeKeys(m)
+		}
+
+		if s, ok := m[k].([]interface{}); ok {
+			for _, e := range s {
+				if m, ok := e.(map[interface{}]interface{}); ok {
+					normalizeKeys(m)
+				}
+			}
+		}
+
+		delete(m, k)
+		m[strings.Replace(fmt.Sprint(k), "-", "_", -1)] = v
+	}
+	return m
+}

config/config_test.go

@@ -0,0 +1,503 @@
+/*
+   Copyright 2014 CoreOS, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package config
+
+import (
+	"reflect"
+	"strings"
+	"testing"
+)
+
+func TestIsZero(t *testing.T) {
+	for _, tt := range []struct {
+		c     interface{}
+		empty bool
+	}{
+		{struct{}{}, true},
+		{struct{ a, b string }{}, true},
+		{struct{ A, b string }{}, true},
+		{struct{ A, B string }{}, true},
+		{struct{ A string }{A: "hello"}, false},
+		{struct{ A int }{}, true},
+		{struct{ A int }{A: 1}, false},
+	} {
+		if empty := IsZero(tt.c); tt.empty != empty {
+			t.Errorf("bad result (%q): want %t, got %t", tt.c, tt.empty, empty)
+		}
+	}
+}
+
+func TestAssertStructValid(t *testing.T) {
+	for _, tt := range []struct {
+		c   interface{}
+		err error
+	}{
+		{struct{}{}, nil},
+		{struct {
+			A, b string `valid:"1,2"`
+		}{}, nil},
+		{struct {
+			A, b string `valid:"1,2"`
+		}{A: "1", b: "2"}, nil},
+		{struct {
+			A, b string `valid:"1,2"`
+		}{A: "1", b: "hello"}, nil},
+		{struct {
+			A, b string `valid:"1,2"`
+		}{A: "hello", b: "2"}, &ErrorValid{Value: "hello", Field: "A", Valid: []string{"1", "2"}}},
+		{struct {
+			A, b int `valid:"1,2"`
+		}{}, nil},
+		{struct {
+			A, b int `valid:"1,2"`
+		}{A: 1, b: 2}, nil},
+		{struct {
+			A, b int `valid:"1,2"`
+		}{A: 1, b: 9}, nil},
+		{struct {
+			A, b int `valid:"1,2"`
+		}{A: 9, b: 2}, &ErrorValid{Value: "9", Field: "A", Valid: []string{"1", "2"}}},
+	} {
+		if err := AssertStructValid(tt.c); !reflect.DeepEqual(tt.err, err) {
+			t.Errorf("bad result (%q): want %q, got %q", tt.c, tt.err, err)
+		}
+	}
+}
+
+func TestCloudConfigInvalidKeys(t *testing.T) {
+	defer func() {
+		if r := recover(); r != nil {
+			t.Fatalf("panic while instantiating CloudConfig with nil keys: %v", r)
+		}
+	}()
+
+	for _, tt := range []struct {
+		contents string
+	}{
+		{"coreos:"},
+		{"ssh_authorized_keys:"},
+		{"ssh_authorized_keys:\n  -"},
+		{"ssh_authorized_keys:\n  - 0:"},
+		{"write_files:"},
+		{"write_files:\n  -"},
+		{"write_files:\n  - 0:"},
+		{"users:"},
+		{"users:\n  -"},
+		{"users:\n  - 0:"},
+	} {
+		_, err := NewCloudConfig(tt.contents)
+		if err != nil {
+			t.Fatalf("error instantiating CloudConfig with invalid keys: %v", err)
+		}
+	}
+}
+
+func TestCloudConfigUnknownKeys(t *testing.T) {
+	contents := `
+coreos: 
+  etcd:
+    discovery: "https://discovery.etcd.io/827c73219eeb2fa5530027c37bf18877"
+  coreos_unknown:
+    foo: "bar"
+section_unknown:
+  dunno:
+    something
+bare_unknown:
+  bar
+write_files:
+  - content: fun
+    path: /var/party
+    file_unknown: nofun
+users:
+  - name: fry
+    passwd: somehash
+    user_unknown: philip
+hostname:
+  foo
+`
+	cfg, err := NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("error instantiating CloudConfig with unknown keys: %v", err)
+	}
+	if cfg.Hostname != "foo" {
+		t.Fatalf("hostname not correctly set when invalid keys are present")
+	}
+	if cfg.Coreos.Etcd.Discovery != "https://discovery.etcd.io/827c73219eeb2fa5530027c37bf18877" {
+		t.Fatalf("etcd section not correctly set when invalid keys are present")
+	}
+	if len(cfg.WriteFiles) < 1 || cfg.WriteFiles[0].Content != "fun" || cfg.WriteFiles[0].Path != "/var/party" {
+		t.Fatalf("write_files section not correctly set when invalid keys are present")
+	}
+	if len(cfg.Users) < 1 || cfg.Users[0].Name != "fry" || cfg.Users[0].PasswordHash != "somehash" {
+		t.Fatalf("users section not correctly set when invalid keys are present")
+	}
+}
+
+// Assert that the parsing of a cloud config file "generally works"
+func TestCloudConfigEmpty(t *testing.T) {
+	cfg, err := NewCloudConfig("")
+	if err != nil {
+		t.Fatalf("Encountered unexpected error :%v", err)
+	}
+
+	keys := cfg.SSHAuthorizedKeys
+	if len(keys) != 0 {
+		t.Error("Parsed incorrect number of SSH keys")
+	}
+
+	if len(cfg.WriteFiles) != 0 {
+		t.Error("Expected zero WriteFiles")
+	}
+
+	if cfg.Hostname != "" {
+		t.Errorf("Expected hostname to be empty, got '%s'", cfg.Hostname)
+	}
+}
+
+// Assert that the parsing of a cloud config file "generally works"
+func TestCloudConfig(t *testing.T) {
+	contents := `
+coreos: 
+  etcd:
+    discovery: "https://discovery.etcd.io/827c73219eeb2fa5530027c37bf18877"
+  update:
+    reboot_strategy: reboot
+  units:
+    - name: 50-eth0.network
+      runtime: yes
+      content: '[Match]
+ 
+    Name=eth47
+ 
+ 
+    [Network]
+ 
+    Address=10.209.171.177/19
+ 
+'
+  oem:
+    id: rackspace
+    name: Rackspace Cloud Servers
+    version_id: 168.0.0
+    home_url: https://www.rackspace.com/cloud/servers/
+    bug_report_url: https://github.com/coreos/coreos-overlay
+ssh_authorized_keys:
+  - foobar
+  - foobaz
+write_files:
+  - content: |
+      penny
+      elroy
+    path: /etc/dogepack.conf
+    permissions: '0644'
+    owner: root:dogepack
+hostname: trontastic
+`
+	cfg, err := NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("Encountered unexpected error :%v", err)
+	}
+
+	keys := cfg.SSHAuthorizedKeys
+	if len(keys) != 2 {
+		t.Error("Parsed incorrect number of SSH keys")
+	} else if keys[0] != "foobar" {
+		t.Error("Expected first SSH key to be 'foobar'")
+	} else if keys[1] != "foobaz" {
+		t.Error("Expected first SSH key to be 'foobaz'")
+	}
+
+	if len(cfg.WriteFiles) != 1 {
+		t.Error("Failed to parse correct number of write_files")
+	} else {
+		wf := cfg.WriteFiles[0]
+		if wf.Content != "penny\nelroy\n" {
+			t.Errorf("WriteFile has incorrect contents '%s'", wf.Content)
+		}
+		if wf.Encoding != "" {
+			t.Errorf("WriteFile has incorrect encoding %s", wf.Encoding)
+		}
+		if wf.RawFilePermissions != "0644" {
+			t.Errorf("WriteFile has incorrect permissions %s", wf.RawFilePermissions)
+		}
+		if wf.Path != "/etc/dogepack.conf" {
+			t.Errorf("WriteFile has incorrect path %s", wf.Path)
+		}
+		if wf.Owner != "root:dogepack" {
+			t.Errorf("WriteFile has incorrect owner %s", wf.Owner)
+		}
+	}
+
+	if len(cfg.Coreos.Units) != 1 {
+		t.Error("Failed to parse correct number of units")
+	} else {
+		u := cfg.Coreos.Units[0]
+		expect := `[Match]
+Name=eth47
+
+[Network]
+Address=10.209.171.177/19
+`
+		if u.Content != expect {
+			t.Errorf("Unit has incorrect contents '%s'.\nExpected '%s'.", u.Content, expect)
+		}
+		if u.Runtime != true {
+			t.Errorf("Unit has incorrect runtime value")
+		}
+		if u.Name != "50-eth0.network" {
+			t.Errorf("Unit has incorrect name %s", u.Name)
+		}
+	}
+
+	if cfg.Coreos.OEM.ID != "rackspace" {
+		t.Errorf("Failed parsing coreos.oem. Expected ID 'rackspace', got %q.", cfg.Coreos.OEM.ID)
+	}
+
+	if cfg.Hostname != "trontastic" {
+		t.Errorf("Failed to parse hostname")
+	}
+	if cfg.Coreos.Update.RebootStrategy != "reboot" {
+		t.Errorf("Failed to parse locksmith strategy")
+	}
+
+	contents = `
+coreos:
+write_files:
+  - path: /home/me/notes
+    permissions: 0744
+`
+	cfg, err = NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("Encountered unexpected error :%v", err)
+	}
+
+	if len(cfg.WriteFiles) != 1 {
+		t.Error("Failed to parse correct number of write_files")
+	} else {
+		wf := cfg.WriteFiles[0]
+		if wf.Content != "" {
+			t.Errorf("WriteFile has incorrect contents '%s'", wf.Content)
+		}
+		if wf.Encoding != "" {
+			t.Errorf("WriteFile has incorrect encoding %s", wf.Encoding)
+		}
+		// Verify that the normalization of the config converted 0744 to its decimal
+		// representation, 484.
+		if wf.RawFilePermissions != "484" {
+			t.Errorf("WriteFile has incorrect permissions %s", wf.RawFilePermissions)
+		}
+		if wf.Path != "/home/me/notes" {
+			t.Errorf("WriteFile has incorrect path %s", wf.Path)
+		}
+		if wf.Owner != "" {
+			t.Errorf("WriteFile has incorrect owner %s", wf.Owner)
+		}
+	}
+}
+
+// Assert that our interface conversion doesn't panic
+func TestCloudConfigKeysNotList(t *testing.T) {
+	contents := `
+ssh_authorized_keys:
+  - foo: bar
+`
+	cfg, err := NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("Encountered unexpected error: %v", err)
+	}
+
+	keys := cfg.SSHAuthorizedKeys
+	if len(keys) != 0 {
+		t.Error("Parsed incorrect number of SSH keys")
+	}
+}
+
+func TestCloudConfigSerializationHeader(t *testing.T) {
+	cfg, _ := NewCloudConfig("")
+	contents := cfg.String()
+	header := strings.SplitN(contents, "\n", 2)[0]
+	if header != "#cloud-config" {
+		t.Fatalf("Serialized config did not have expected header")
+	}
+}
+
+func TestCloudConfigUsers(t *testing.T) {
+	contents := `
+users:
+  - name: elroy
+    passwd: somehash
+    ssh_authorized_keys:
+      - somekey
+    gecos: arbitrary comment
+    homedir: /home/place
+    no_create_home: yes
+    primary_group: things
+    groups:
+      - ping
+      - pong
+    no_user_group: true
+    system: y
+    no_log_init: True
+`
+	cfg, err := NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("Encountered unexpected error: %v", err)
+	}
+
+	if len(cfg.Users) != 1 {
+		t.Fatalf("Parsed %d users, expected 1", len(cfg.Users))
+	}
+
+	user := cfg.Users[0]
+
+	if user.Name != "elroy" {
+		t.Errorf("User name is %q, expected 'elroy'", user.Name)
+	}
+
+	if user.PasswordHash != "somehash" {
+		t.Errorf("User passwd is %q, expected 'somehash'", user.PasswordHash)
+	}
+
+	if keys := user.SSHAuthorizedKeys; len(keys) != 1 {
+		t.Errorf("Parsed %d ssh keys, expected 1", len(keys))
+	} else {
+		key := user.SSHAuthorizedKeys[0]
+		if key != "somekey" {
+			t.Errorf("User SSH key is %q, expected 'somekey'", key)
+		}
+	}
+
+	if user.GECOS != "arbitrary comment" {
+		t.Errorf("Failed to parse gecos field, got %q", user.GECOS)
+	}
+
+	if user.Homedir != "/home/place" {
+		t.Errorf("Failed to parse homedir field, got %q", user.Homedir)
+	}
+
+	if !user.NoCreateHome {
+		t.Errorf("Failed to parse no_create_home field")
+	}
+
+	if user.PrimaryGroup != "things" {
+		t.Errorf("Failed to parse primary_group field, got %q", user.PrimaryGroup)
+	}
+
+	if len(user.Groups) != 2 {
+		t.Errorf("Failed to parse 2 goups, got %d", len(user.Groups))
+	} else {
+		if user.Groups[0] != "ping" {
+			t.Errorf("First group was %q, not expected value 'ping'", user.Groups[0])
+		}
+		if user.Groups[1] != "pong" {
+			t.Errorf("First group was %q, not expected value 'pong'", user.Groups[1])
+		}
+	}
+
+	if !user.NoUserGroup {
+		t.Errorf("Failed to parse no_user_group field")
+	}
+
+	if !user.System {
+		t.Errorf("Failed to parse system field")
+	}
+
+	if !user.NoLogInit {
+		t.Errorf("Failed to parse no_log_init field")
+	}
+}
+
+func TestCloudConfigUsersGithubUser(t *testing.T) {
+
+	contents := `
+users:
+  - name: elroy
+    coreos_ssh_import_github: bcwaldon
+`
+	cfg, err := NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("Encountered unexpected error: %v", err)
+	}
+
+	if len(cfg.Users) != 1 {
+		t.Fatalf("Parsed %d users, expected 1", len(cfg.Users))
+	}
+
+	user := cfg.Users[0]
+
+	if user.Name != "elroy" {
+		t.Errorf("User name is %q, expected 'elroy'", user.Name)
+	}
+
+	if user.SSHImportGithubUser != "bcwaldon" {
+		t.Errorf("github user is %q, expected 'bcwaldon'", user.SSHImportGithubUser)
+	}
+}
+
+func TestCloudConfigUsersSSHImportURL(t *testing.T) {
+	contents := `
+users:
+  - name: elroy
+    coreos_ssh_import_url: https://token:x-auth-token@github.enterprise.com/api/v3/polvi/keys
+`
+	cfg, err := NewCloudConfig(contents)
+	if err != nil {
+		t.Fatalf("Encountered unexpected error: %v", err)
+	}
+
+	if len(cfg.Users) != 1 {
+		t.Fatalf("Parsed %d users, expected 1", len(cfg.Users))
+	}
+
+	user := cfg.Users[0]
+
+	if user.Name != "elroy" {
+		t.Errorf("User name is %q, expected 'elroy'", user.Name)
+	}
+
+	if user.SSHImportURL != "https://token:x-auth-token@github.enterprise.com/api/v3/polvi/keys" {
+		t.Errorf("ssh import url is %q, expected 'https://token:x-auth-token@github.enterprise.com/api/v3/polvi/keys'", user.SSHImportURL)
+	}
+}
+
+func TestNormalizeKeys(t *testing.T) {
+	for _, tt := range []struct {
+		in  string
+		out string
+	}{
+		{"my_key_name: the-value\n", "my_key_name: the-value\n"},
+		{"my-key_name: the-value\n", "my_key_name: the-value\n"},
+		{"my-key-name: the-value\n", "my_key_name: the-value\n"},
+
+		{"a:\n- key_name: the-value\n", "a:\n- key_name: the-value\n"},
+		{"a:\n- key-name: the-value\n", "a:\n- key_name: the-value\n"},
+
+		{"a:\n  b:\n  - key_name: the-value\n", "a:\n  b:\n  - key_name: the-value\n"},
+		{"a:\n  b:\n  - key-name: the-value\n", "a:\n  b:\n  - key_name: the-value\n"},
+
+		{"coreos:\n  update:\n    reboot-strategy: off\n", "coreos:\n  update:\n    reboot_strategy: false\n"},
+		{"coreos:\n  update:\n    reboot-strategy: 'off'\n", "coreos:\n  update:\n    reboot_strategy: \"off\"\n"},
+	} {
+		out, err := normalizeConfig(tt.in)
+		if err != nil {
+			t.Fatalf("bad error (%q): want nil, got %s", tt.in, err)
+		}
+		if string(out) != tt.out {
+			t.Fatalf("bad normalization (%q): want %q, got %q", tt.in, tt.out, out)
+		}
+	}
+}

config/etc_hosts.go

@@ -0,0 +1,19 @@
+/*
+   Copyright 2014 CoreOS, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package config
+
+type EtcHosts string

config/etcd.go

@@ -0,0 +1,53 @@
+/*
+   Copyright 2014 CoreOS, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package config
+
+type Etcd struct {
+	Addr                  string  `yaml:"addr"                    env:"ETCD_ADDR"`
+	BindAddr              string  `yaml:"bind_addr"               env:"ETCD_BIND_ADDR"`
+	CAFile                string  `yaml:"ca_file"                 env:"ETCD_CA_FILE"`
+	CertFile              string  `yaml:"cert_file"               env:"ETCD_CERT_FILE"`
+	ClusterActiveSize     int     `yaml:"cluster_active_size"     env:"ETCD_CLUSTER_ACTIVE_SIZE"`
+	ClusterRemoveDelay    float64 `yaml:"cluster_remove_delay"    env:"ETCD_CLUSTER_REMOVE_DELAY"`
+	ClusterSyncInterval   float64 `yaml:"cluster_sync_interval"   env:"ETCD_CLUSTER_SYNC_INTERVAL"`
+	CorsOrigins           string  `yaml:"cors"                    env:"ETCD_CORS"`
+	DataDir               string  `yaml:"data_dir"                env:"ETCD_DATA_DIR"`
+	Discovery             string  `yaml:"discovery"               env:"ETCD_DISCOVERY"`
+	GraphiteHost          string  `yaml:"graphite_host"           env:"ETCD_GRAPHITE_HOST"`
+	HTTPReadTimeout       float64 `yaml:"http_read_timeout"       env:"ETCD_HTTP_READ_TIMEOUT"`
+	HTTPWriteTimeout      float64 `yaml:"http_write_timeout"      env:"ETCD_HTTP_WRITE_TIMEOUT"`
+	KeyFile               string  `yaml:"key_file"                env:"ETCD_KEY_FILE"`
+	MaxResultBuffer       int     `yaml:"max_result_buffer"       env:"ETCD_MAX_RESULT_BUFFER"`
+	MaxRetryAttempts      int     `yaml:"max_retry_attempts"      env:"ETCD_MAX_RETRY_ATTEMPTS"`
+	Name                  string  `yaml:"name"                    env:"ETCD_NAME"`
+	PeerAddr              string  `yaml:"peer_addr"               env:"ETCD_PEER_ADDR"`
+	PeerBindAddr          string  `yaml:"peer_bind_addr"          env:"ETCD_PEER_BIND_ADDR"`
+	PeerCAFile            string  `yaml:"peer_ca_file"            env:"ETCD_PEER_CA_FILE"`
+	PeerCertFile          string  `yaml:"peer_cert_file"          env:"ETCD_PEER_CERT_FILE"`
+	PeerElectionTimeout   int     `yaml:"peer_election_timeout"   env:"ETCD_PEER_ELECTION_TIMEOUT"`
+	PeerHeartbeatInterval int     `yaml:"peer_heartbeat_interval" env:"ETCD_PEER_HEARTBEAT_INTERVAL"`
+	PeerKeyFile           string  `yaml:"peer_key_file"           env:"ETCD_PEER_KEY_FILE"`
+	Peers                 string  `yaml:"peers"                   env:"ETCD_PEERS"`
+	PeersFile             string  `yaml:"peers_file"              env:"ETCD_PEERS_FILE"`
+	RetryInterval         float64 `yaml:"retry_interval"          env:"ETCD_RETRY_INTERVAL"`
+	Snapshot              bool    `yaml:"snapshot"                env:"ETCD_SNAPSHOT"`
+	SnapshotCount         int     `yaml:"snapshot_count"          env:"ETCD_SNAPSHOTCOUNT"`
+	StrTrace              string  `yaml:"trace"                   env:"ETCD_TRACE"`
+	Verbose               bool    `yaml:"verbose"                 env:"ETCD_VERBOSE"`
+	VeryVerbose           bool    `yaml:"very_verbose"            env:"ETCD_VERY_VERBOSE"`
+	VeryVeryVerbose       bool    `yaml:"very_very_verbose"       env:"ETCD_VERY_VERY_VERBOSE"`
+}

config/file.go

@@ -0,0 +1,25 @@
+/*
+   Copyright 2014 CoreOS, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package config
+
+type File struct {
+	Encoding           string `yaml:"-"`
+	Content            string `yaml:"content"`
+	Owner              string `yaml:"owner"`
+	Path               string `yaml:"path"`
+	RawFilePermissions string `yaml:"permissions"`
+}