diff --git a/.docker.metadata b/.docker.metadata
index d4389c7..658cf33 100644
--- a/.docker.metadata
+++ b/.docker.metadata
@@ -1,2 +1,2 @@
-457742dc6415835983d62716688efb8132200dff SOURCES/docker-02d20af.tar.gz
-46e8e37afb0adf79d0668c552cb3520b499be570 SOURCES/docker-man-1.tar.gz
+3f7364d513ba69e8adf6993e6d125e9d956f22b5 SOURCES/docker-d84a070.tar.gz
+4a2408e3e452c09c9e41844d53257c51eb0080d4 SOURCES/docker-man-3.tar.gz
diff --git a/.gitignore b/.gitignore
index 5501697..54ebd3f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/docker-02d20af.tar.gz
-SOURCES/docker-man-1.tar.gz
+SOURCES/docker-d84a070.tar.gz
+SOURCES/docker-man-3.tar.gz
diff --git a/SOURCES/docker-0.11-remove-subscription-dependency.patch b/SOURCES/docker-0.11-remove-subscription-dependency.patch
deleted file mode 100644
index a31c170..0000000
--- a/SOURCES/docker-0.11-remove-subscription-dependency.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 248d8fe6b6b4b4706d5c8b14035d5a6847e88721 Mon Sep 17 00:00:00 2001
-From: Jim Perrin <jperrin@centos.org>
-Date: Thu, 26 Jun 2014 09:23:14 -0500
-Subject: [PATCH] remove subscription manager sharing between container and
- host
-
----
- daemon/container.go | 12 ++++++------
- daemon/volumes.go   |  2 +-
- graph/graph.go      |  2 +-
- 3 files changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/daemon/container.go b/daemon/container.go
-index ce84057..c182009 100644
---- a/daemon/container.go
-+++ b/daemon/container.go
-@@ -290,9 +290,9 @@ func (container *Container) Start() (err error) {
- 	if err := populateCommand(container, env); err != nil {
- 		return err
- 	}
--	if err := container.setupSecretFiles(); err != nil {
--		return err
--	}
-+//	if err := container.setupSecretFiles(); err != nil {
-+//		return err
-+//	}
- 	if err := setupMountsForContainer(container); err != nil {
- 		return err
- 	}
-@@ -308,9 +308,9 @@ func (container *Container) Start() (err error) {
- 	}
- 
- 	// Now the container is running, unmount the secrets on the host
--	if err := system.Unmount(container.secretsPath(), syscall.MNT_DETACH); err != nil {
--		return err
--	}
-+//	if err := system.Unmount(container.secretsPath(), syscall.MNT_DETACH); err != nil {
-+//		return err
-+//	}
- 
- 	return nil
- }
-diff --git a/daemon/volumes.go b/daemon/volumes.go
-index 7d92baf..7e9cadd 100644
---- a/daemon/volumes.go
-+++ b/daemon/volumes.go
-@@ -38,7 +38,7 @@ func setupMountsForContainer(container *Container) error {
- 	mounts := []execdriver.Mount{
- 		{container.daemon.sysInitPath, "/.dockerinit", false, true},
- 		{container.ResolvConfPath, "/etc/resolv.conf", false, true},
--		{container.secretsPath(), "/run/secrets", true, true},
-+//		{container.secretsPath(), "/run/secrets", true, true},
- 	}
- 
- 	if container.HostnamePath != "" {
-diff --git a/graph/graph.go b/graph/graph.go
-index f578ad9..06d714b 100644
---- a/graph/graph.go
-+++ b/graph/graph.go
-@@ -257,7 +257,7 @@ func SetupInitLayer(initLayer string) error {
- 		"/dev/pts":         "dir",
- 		"/dev/shm":         "dir",
- 		"/proc":            "dir",
--		"/run/secrets":     "dir",
-+		//"/run/secrets":     "dir",
- 		"/sys":             "dir",
- 		"/.dockerinit":     "file",
- 		"/.dockerenv":      "file",
--- 
-1.8.3.1
-
diff --git a/SOURCES/docker-Super-minimal-host-based-secrets.patch b/SOURCES/docker-Super-minimal-host-based-secrets.patch
new file mode 100644
index 0000000..95cfb5c
--- /dev/null
+++ b/SOURCES/docker-Super-minimal-host-based-secrets.patch
@@ -0,0 +1,197 @@
+diff -up docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/container.go.secrets docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/container.go
+--- docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/container.go.secrets	2014-07-22 20:29:56.000000000 -0400
++++ docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/container.go	2014-09-10 16:34:28.489624522 -0400
+@@ -277,6 +277,9 @@ func (container *Container) Start() (err
+ 	if err := populateCommand(container, env); err != nil {
+ 		return err
+ 	}
++	if err := container.setupSecretFiles(); err != nil {
++		return err
++	}
+ 	if err := setupMountsForContainer(container); err != nil {
+ 		return err
+ 	}
+@@ -284,7 +287,21 @@ func (container *Container) Start() (err
+ 		return err
+ 	}
+ 
+-	return container.waitForStart()
++	if err := container.waitForStart(); err != nil {
++		return err
++	}
++
++	// Now the container is running, unmount the secrets on the host
++	secretsPath, err := container.secretsPath()
++	if err != nil {
++		return err
++	}
++
++	if err := syscall.Unmount(secretsPath, syscall.MNT_DETACH); err != nil {
++		return err
++	}
++
++	return nil
+ }
+ 
+ func (container *Container) Run() error {
+@@ -711,6 +728,10 @@ func (container *Container) jsonPath() (
+ 	return container.getRootResourcePath("config.json")
+ }
+ 
++func (container *Container) secretsPath() (string, error) {
++	return container.getRootResourcePath("secrets")
++}
++
+ // This method must be exported to be used from the lxc template
+ // This directory is only usable when the container is running
+ func (container *Container) RootfsPath() string {
+@@ -962,6 +983,31 @@ func (container *Container) verifyDaemon
+ 	}
+ }
+ 
++func (container *Container) setupSecretFiles() error {
++	secretsPath, err := container.secretsPath()
++	if err != nil {
++		return err
++	}
++
++	if err := os.MkdirAll(secretsPath, 0700); err != nil {
++		return err
++	}
++
++	if err := syscall.Mount("tmpfs", secretsPath, "tmpfs", uintptr(syscall.MS_NOEXEC|syscall.MS_NOSUID|syscall.MS_NODEV), label.FormatMountLabel("", container.GetMountLabel())); err != nil {
++		return fmt.Errorf("mounting secret tmpfs: %s", err)
++	}
++
++	data, err := getHostSecretData()
++	if err != nil {
++		return err
++	}
++	for _, s := range data {
++		s.SaveTo(secretsPath)
++	}
++
++	return nil
++}
++
+ func (container *Container) setupLinkedContainers() ([]string, error) {
+ 	var (
+ 		env    []string
+diff -up docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/secrets.go.secrets docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/secrets.go
+--- docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/secrets.go.secrets	2014-09-10 16:28:26.922130421 -0400
++++ docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/secrets.go	2014-09-10 16:28:26.922130421 -0400
+@@ -0,0 +1,86 @@
++package daemon
++
++import (
++	"io/ioutil"
++	"os"
++	"path/filepath"
++)
++
++type Secret struct {
++	Name      string
++	IsDir     bool
++	HostBased bool
++}
++
++type SecretData struct {
++	Name string
++	Data []byte
++}
++
++func (s SecretData) SaveTo(dir string) error {
++	path := filepath.Join(dir, s.Name)
++	if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil && !os.IsExist(err) {
++		return err
++	}
++	if err := ioutil.WriteFile(path, s.Data, 0755); err != nil {
++		return err
++	}
++	return nil
++}
++
++func readAll(root, prefix string) ([]SecretData, error) {
++	path := filepath.Join(root, prefix)
++
++	data := []SecretData{}
++
++	files, err := ioutil.ReadDir(path)
++	if err != nil {
++		if os.IsNotExist(err) {
++			return data, nil
++		}
++
++		return nil, err
++	}
++
++	for _, f := range files {
++		fileData, err := readFile(root, filepath.Join(prefix, f.Name()))
++		if err != nil {
++			// If the file did not exist, might be a dangling symlink
++			// Ignore the error
++			if os.IsNotExist(err) {
++				continue
++			}
++			return nil, err
++		}
++		data = append(data, fileData...)
++	}
++
++	return data, nil
++}
++
++func readFile(root, name string) ([]SecretData, error) {
++	path := filepath.Join(root, name)
++
++	s, err := os.Stat(path)
++	if err != nil {
++		return nil, err
++	}
++
++	if s.IsDir() {
++		dirData, err := readAll(root, name)
++		if err != nil {
++			return nil, err
++		}
++		return dirData, nil
++	} else {
++		bytes, err := ioutil.ReadFile(path)
++		if err != nil {
++			return nil, err
++		}
++		return []SecretData{{Name: name, Data: bytes}}, nil
++	}
++}
++
++func getHostSecretData() ([]SecretData, error) {
++	return readAll("/usr/share/rhel/secrets", "")
++}
+diff -up docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/volumes.go.secrets docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/volumes.go
+--- docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/volumes.go.secrets	2014-09-10 16:28:26.922130421 -0400
++++ docker-d84a070e476ce923dd03e28232564a87704613ab/daemon/volumes.go	2014-09-10 16:40:34.683228046 -0400
+@@ -48,6 +48,13 @@ func setupMountsForContainer(container *
+ 		mounts = append(mounts, execdriver.Mount{container.HostsPath, "/etc/hosts", false, true})
+ 	}
+ 
++	secretsPath, err := container.secretsPath()
++	if err != nil {
++		return err
++	}
++
++	mounts = append(mounts, execdriver.Mount{secretsPath, "/run/secrets", true, true})
++
+ 	// Mount user specified volumes
+ 	// Note, these are not private because you may want propagation of (un)mounts from host
+ 	// volumes. For instance if you use -v /usr:/usr and the host later mounts /usr/share you
+diff -up docker-d84a070e476ce923dd03e28232564a87704613ab/graph/graph.go.secrets docker-d84a070e476ce923dd03e28232564a87704613ab/graph/graph.go
+--- docker-d84a070e476ce923dd03e28232564a87704613ab/graph/graph.go.secrets	2014-07-22 20:29:56.000000000 -0400
++++ docker-d84a070e476ce923dd03e28232564a87704613ab/graph/graph.go	2014-09-10 16:28:26.923130420 -0400
+@@ -266,6 +266,7 @@ func SetupInitLayer(initLayer string) er
+ 		"/etc/hostname":    "file",
+ 		"/dev/console":     "file",
+ 		"/etc/mtab":        "/proc/mounts",
++		"/run/secrets":     "dir",
+ 	} {
+ 		parts := strings.Split(pth, "/")
+ 		prev := "/"
diff --git a/SOURCES/docker.service b/SOURCES/docker.service
index e66579b..739d599 100644
--- a/SOURCES/docker.service
+++ b/SOURCES/docker.service
@@ -2,11 +2,12 @@
 Description=Docker Application Container Engine
 Documentation=http://docs.docker.io
 After=network.target
+Requires=docker.socket
 
 [Service]
 Type=notify
 EnvironmentFile=-/etc/sysconfig/docker
-ExecStart=/usr/bin/docker -d --selinux-enabled
+ExecStart=/usr/bin/docker -d $OPTIONS
 Restart=on-failure
 LimitNOFILE=1048576
 LimitNPROC=1048576
diff --git a/SOURCES/docker.sysconfig b/SOURCES/docker.sysconfig
index a2fd2af..efa5af1 100644
--- a/SOURCES/docker.sysconfig
+++ b/SOURCES/docker.sysconfig
@@ -1 +1,4 @@
 # /etc/sysconfig/docker
+
+# Modify these options if you want to change the way the docker daemon runs
+OPTIONS=--selinux-enabled -H fd://
diff --git a/SOURCES/remove-vendored-tar.patch b/SOURCES/remove-vendored-tar.patch
deleted file mode 100644
index d1d0fa1..0000000
--- a/SOURCES/remove-vendored-tar.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/archive.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/archive.go
---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/archive.go	2014-06-05 19:32:24.000000000 -0400
-+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/archive.go	2014-06-05 19:38:04.963219406 -0400
-@@ -18,7 +18,7 @@
- 
- 	"github.com/dotcloud/docker/pkg/system"
- 	"github.com/dotcloud/docker/utils"
--	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
-+	"archive/tar"
- )
- 
- type (
-diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/archive_test.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/archive_test.go
---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/archive_test.go	2014-06-05 19:32:24.000000000 -0400
-+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/archive_test.go	2014-06-05 19:37:59.555194220 -0400
-@@ -11,7 +11,7 @@
- 	"testing"
- 	"time"
- 
--	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
-+	"archive/tar"
- )
- 
- func TestCmdStreamLargeStderr(t *testing.T) {
-diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/changes.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/changes.go
---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/changes.go	2014-06-05 19:32:24.000000000 -0400
-+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/changes.go	2014-06-05 19:37:52.204159915 -0400
-@@ -12,7 +12,7 @@
- 
- 	"github.com/dotcloud/docker/pkg/system"
- 	"github.com/dotcloud/docker/utils"
--	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
-+	"archive/tar"
- )
- 
- type ChangeType int
-diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/diff.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/diff.go
---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/diff.go	2014-06-05 19:32:24.000000000 -0400
-+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/diff.go	2014-06-05 19:37:46.082131408 -0400
-@@ -9,7 +9,7 @@
- 	"strings"
- 	"syscall"
- 
--	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
-+	"archive/tar"
- )
- 
- // Linux device nodes are a bit weird due to backwards compat with 16 bit device nodes.
-diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/wrap.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/wrap.go
---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/archive/wrap.go	2014-06-05 19:32:24.000000000 -0400
-+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/archive/wrap.go	2014-06-05 19:38:11.126248130 -0400
-@@ -2,7 +2,7 @@
- 
- import (
- 	"bytes"
--	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
-+	"archive/tar"
- 	"io/ioutil"
- )
- 
-diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/graph/tags_unit_test.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/graph/tags_unit_test.go
---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/graph/tags_unit_test.go	2014-06-05 19:32:24.000000000 -0400
-+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/graph/tags_unit_test.go	2014-06-05 19:38:18.400282065 -0400
-@@ -6,7 +6,7 @@
- 	_ "github.com/dotcloud/docker/daemon/graphdriver/vfs" // import the vfs driver so it is used in the tests
- 	"github.com/dotcloud/docker/image"
- 	"github.com/dotcloud/docker/utils"
--	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
-+	"archive/tar"
- 	"io"
- 	"os"
- 	"path"
-diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/integration/api_test.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/integration/api_test.go
---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/integration/api_test.go	2014-06-05 19:32:24.000000000 -0400
-+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/integration/api_test.go	2014-06-05 19:38:35.927363757 -0400
-@@ -21,7 +21,7 @@
- 	"github.com/dotcloud/docker/image"
- 	"github.com/dotcloud/docker/runconfig"
- 	"github.com/dotcloud/docker/utils"
--	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
-+	"archive/tar"
- )
- 
- func TestGetEvents(t *testing.T) {
-diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/integration/utils_test.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/integration/utils_test.go
---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/integration/utils_test.go	2014-06-05 19:32:24.000000000 -0400
-+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/integration/utils_test.go	2014-06-05 19:38:28.829330804 -0400
-@@ -13,7 +13,7 @@
- 	"testing"
- 	"time"
- 
--	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
-+	"archive/tar"
- 
- 	"github.com/dotcloud/docker/builtins"
- 	"github.com/dotcloud/docker/daemon"
-diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/utils/tarsum.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/utils/tarsum.go
---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/utils/tarsum.go	2014-06-05 19:32:24.000000000 -0400
-+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/utils/tarsum.go	2014-06-05 19:38:51.793437630 -0400
-@@ -5,7 +5,7 @@
- 	"compress/gzip"
- 	"crypto/sha256"
- 	"encoding/hex"
--	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
-+	"archive/tar"
- 	"hash"
- 	"io"
- 	"sort"
-diff -uNr docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/utils/tarsum_test.go docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/utils/tarsum_test.go
---- docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c/utils/tarsum_test.go	2014-06-05 19:32:24.000000000 -0400
-+++ docker-83ccab0b6b9b07fd05f66f1cff565e1ed6a7497c-1/utils/tarsum_test.go	2014-06-05 19:38:43.581399426 -0400
-@@ -4,7 +4,7 @@
- 	"bytes"
- 	"crypto/rand"
- 	"fmt"
--	"github.com/dotcloud/docker/vendor/src/code.google.com/p/go/src/pkg/archive/tar"
-+	"archive/tar"
- 	"io"
- 	"io/ioutil"
- 	"os"
diff --git a/SPECS/docker.spec b/SPECS/docker.spec
index 0f58b5f..199a745 100644
--- a/SPECS/docker.spec
+++ b/SPECS/docker.spec
@@ -5,49 +5,43 @@
 %global debug_package %{nil}
 %global gopath  %{_datadir}/gocode
 
-%global commit      02d20af7db1e154290eb5128525dd6831bd4c014
+%global commit   d84a070e476ce923dd03e28232564a87704613ab
 %global shortcommit %(c=%{commit}; echo ${c:0:7})
 
 Name:           docker
-Version:        0.11.1
-Release:        22%{?dist}
+Version:        1.1.2
+Release:        13%{?dist}
 Summary:        Automates deployment of containerized applications
 License:        ASL 2.0
 
-Patch0:     remove-vendored-tar.patch
-Patch1:     docker-0.11-remove-subscription-dependency.patch
-
 URL:            http://www.docker.io
-# only x86_64 for now: https://github.com/dotcloud/docker/issues/136
 ExclusiveArch:  x86_64
-#use branch: https://github.com/lsm5/docker/commits/2014-06-06-2
-Source0:        https://github.com/lsm5/docker/archive/%{commit}/docker-%{shortcommit}.tar.gz
+Source0:        https://github.com/rhatdan/docker/archive/%{commit}/docker-%{shortcommit}.tar.gz
+Patch1: docker-Super-minimal-host-based-secrets.patch
 # though final name for sysconf/sysvinit files is simply 'docker',
 # having .sysvinit and .sysconfig makes things clear
 Source1:        docker.service
-Source2:        docker-man-1.tar.gz
+Source2:        docker-man-3.tar.gz
 Source3:        docker.sysconfig
-# Resolves: rhbz#1111760 - CVE-2014-3499
+# docker: systemd socket activation results in privilege escalation
 Source4:        docker.socket
 BuildRequires:  gcc
 BuildRequires:  glibc-static
 # ensure build uses golang 1.2-7 and above
 # http://code.google.com/p/go/source/detail?r=a15f344a9efa35ef168c8feaa92a15a1cdc93db5
 BuildRequires:  golang >= 1.2-7
-BuildRequires:  golang(github.com/gorilla/mux)
-BuildRequires:  golang(github.com/kr/pty)
+BuildRequires:  golang(github.com/gorilla/mux) >= 0-0.12
+BuildRequires:  golang(github.com/kr/pty) >= 0-0.20
 BuildRequires:  golang(code.google.com/p/go.net/websocket)
 BuildRequires:  golang(code.google.com/p/gosqlite/sqlite3)
-BuildRequires:  golang(github.com/syndtr/gocapability/capability)
+BuildRequires:  golang(github.com/syndtr/gocapability/capability) >= 0-0.6
 BuildRequires:  golang(github.com/godbus/dbus)
-BuildRequires:  golang(github.com/coreos/go-systemd/activation)
+BuildRequires:  golang(github.com/coreos/go-systemd/activation) >= 2-2
 BuildRequires:  device-mapper-devel
-# btrfs not available for rhel yet
 BuildRequires:  btrfs-progs-devel
 BuildRequires:  pkgconfig(systemd)
 Requires:       systemd-units
 # need xz to work with ubuntu images
-# https://bugzilla.redhat.com/show_bug.cgi?id=1045220
 Requires:       xz
 
 Provides:       lxc-docker = %{version}
@@ -65,10 +59,7 @@ servers, OpenStack clusters, public instances, or combinations of the above.
 
 %prep
 %setup -q -n docker-%{commit}
-rm -rf vendor
-%patch0 -p1 -b remove-vendored-tar
-%patch1 -p1 -b remove-subscription-dependency
-
+%patch1 -p1 -b .secrets
 tar zxf %{SOURCE2} 
 
 %build
@@ -81,7 +72,7 @@ popd
 
 export DOCKER_GITCOMMIT="%{shortcommit}/%{version}"
 export DOCKER_BUILDTAGS='selinux'
-export GOPATH=$(pwd)/_build:%{gopath}
+export GOPATH=$(pwd)/_build:$(pwd)/vendor
 
 hack/make.sh dynbinary
 cp contrib/syntax/vim/LICENSE LICENSE-vim-syntax
@@ -90,11 +81,11 @@ cp contrib/syntax/vim/README.md README-vim-syntax.md
 %install
 # install binary
 install -d %{buildroot}%{_bindir}
-install -p -m 755 bundles/%{version}-dev/dynbinary/docker-%{version}-dev %{buildroot}%{_bindir}/docker
+install -p -m 755 bundles/%{version}/dynbinary/docker-%{version} %{buildroot}%{_bindir}/docker
 
 # install dockerinit
 install -d %{buildroot}%{_libexecdir}/docker
-install -p -m 755 bundles/%{version}-dev/dynbinary/dockerinit-%{version}-dev %{buildroot}%{_libexecdir}/docker/dockerinit
+install -p -m 755 bundles/%{version}/dynbinary/dockerinit-%{version} %{buildroot}%{_libexecdir}/docker/dockerinit
 
 # install manpages
 install -d %{buildroot}%{_mandir}/man1
@@ -103,8 +94,8 @@ install -d %{buildroot}%{_mandir}/man5
 install -p -m 644 man5/* %{buildroot}%{_mandir}/man5
 
 # install bash completion
-install -d %{buildroot}%{_sysconfdir}/bash_completion.d
-install -p -m 644 contrib/completion/bash/docker %{buildroot}%{_sysconfdir}/bash_completion.d/docker.bash
+install -d %{buildroot}%{_datadir}/bash-completion/completions/
+install -p -m 644 contrib/completion/bash/docker %{buildroot}%{_datadir}/bash-completion/completions/
 
 # install zsh completion
 install -d %{buildroot}%{_datadir}/zsh/site-functions
@@ -126,15 +117,17 @@ install -d -m 700 %{buildroot}%{_sharedstatedir}/docker
 # install systemd/init scripts
 install -d %{buildroot}%{_unitdir}
 install -p -m 644 %{SOURCE1} %{buildroot}%{_unitdir}
-#install -p -m 644 %{SOURCE4} %{buildroot}%{_unitdir}
+install -p -m 644 %{SOURCE4} %{buildroot}%{_unitdir}
 # for additional args
 install -d %{buildroot}%{_sysconfdir}/sysconfig/
 install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/sysconfig/docker
 
-# don't install secrets dir
-# install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets
-# ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement
-# ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo
+# install secrets dir
+install -d -p -m 750 %{buildroot}/%{_datadir}/rhel/secrets
+# rhbz#1110876 - update symlinks for subscription management
+ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pki-entitlement
+ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm
+ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/rhel7.repo
 
 %pre
 getent group docker > /dev/null || %{_sbindir}/groupadd -r docker
@@ -156,17 +149,17 @@ exit 0
 %{_mandir}/man1/*
 %{_mandir}/man5/*
 %{_bindir}/docker
-#%dir %{_datadir}/rhel
-#%dir %{_datadir}/rhel/secrets
-#%{_datadir}/rhel/secrets/etc-pki-entitlement
-#%{_datadir}/rhel/secrets/rhel7.repo
+%dir %{_datadir}/rhel
+%dir %{_datadir}/rhel/secrets
+%{_datadir}/rhel/secrets/etc-pki-entitlement
+%{_datadir}/rhel/secrets/rhel7.repo
+%{_datadir}/rhel/secrets/rhsm
 %dir %{_libexecdir}/docker
 %{_libexecdir}/docker/dockerinit
 %{_unitdir}/docker.service
-#%{_unitdir}/docker.socket
-%{_sysconfdir}/sysconfig/docker
-%dir %{_sysconfdir}/bash_completion.d
-%{_sysconfdir}/bash_completion.d/docker.bash
+%{_unitdir}/docker.socket
+%config(noreplace) %{_sysconfdir}/sysconfig/docker
+%{_datadir}/bash-completion/completions/docker
 %{_datadir}/zsh/site-functions/_docker
 %dir %{_sharedstatedir}/docker
 %dir %{_sysconfdir}/udev/rules.d
@@ -179,16 +172,100 @@ exit 0
 %{_datadir}/vim/vimfiles/syntax/dockerfile.vim
 
 %changelog
-* Wed Jul  2 2014 Johnny Hughes <johnny@centos.org> - 0.11.1-22.el7.centos
-- Roll in CentOS Branding
-- Remove subscription dependency for docker operation 
-
-* Thu Jun 26 2014 Dan Walsh <dwalsh@redhat.com> - 0.11.1-22
-- Resolves: rhbz#1111760 - CVE-2014-3499
-- Remove docker.socket unit file until docker-1.0
-
-* Tue Jun 24 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 0.11.1-20
-- Resolves: rhbz#1111760 - CVE-2014-3499
+* Fri Sep 12  2014 Dan Walsh <dwalsh@redhat.com> - 1.1.2-13
+- Fix sysconfig and docker.service script to allow $OPTIONS
+
+* Wed Sep 10  2014 Dan Walsh <dwalsh@redhat.com> - 1.1.2-12
+- Remove extra patches and ship only v1.1.2 plus secrets patch
+
+* Tue Sep 2 2014 Dan Walsh <dwalsh@redhat.com> - 1.1.2-10
+- Add  docker client entitlement certs
+
+* Fri Aug 8 2014 Dan Walsh <dwalsh@redhat.com> - 1.1.2-9
+- Add Matt Heon patch to allow containers to work if machine is not entitled
+
+* Thu Aug 7 2014 Dan Walsh <dwalsh@redhat.com> - 1.1.2-8
+- Fix handing of rhel repos
+
+* Mon Aug 4 2014 Dan Walsh <dwalsh@redhat.com> - 1.1.2-6
+- Update man pages
+
+* Mon Jul 28 2014 Dan Walsh <dwalsh@redhat.com> - 1.1.2-5
+- Fix environment patch
+- Add /etc/machine-id patch
+
+* Fri Jul 25 2014 Dan Walsh <dwalsh@redhat.com> - 1.1.2-4
+- Add Secrets Patch back in
+
+* Fri Jul 25 2014 Dan Walsh <dwalsh@redhat.com> - 1.1.2-3
+- Pull in latest docker-1.1.2 code
+
+* Fri Jul 25 2014 Dan Walsh <dwalsh@redhat.com> - 1.1.2-2
+- Update to the latest from upstream
+- Add comment and envoroment patches to allow setting of comments and 
+- enviroment variables from docker import
+
+* Wed Jul 23 2014 Dan Walsh <dwalsh@redhat.com> - 1.1.1-3
+- Install docker bash completions in proper location
+- Add audit_write as a default capability
+
+* Tue Jul 22 2014 Dan Walsh <dwalsh@redhat.com> - 1.1.1-2
+- Update man pages
+- Fix docker pull registry/repo
+
+* Fri Jul 18 2014 Dan Walsh <dwalsh@redhat.com> - 1.1.1-1
+- Update to latest from upstream
+
+* Mon Jul 14 2014 Dan Walsh <dwalsh@redhat.com> - 1.0.0-10
+- Pass otions from /etc/sysconfig/docker into docker.service unit file
+
+* Thu Jul 10 2014 Dan Walsh <dwalsh@redhat.com> - 1.0.0-9
+- Fix docker-registry patch to handle search
+
+* Thu Jul 10 2014 Dan Walsh <dwalsh@redhat.com> - 1.0.0-8
+- Re-add %{_datadir}/rhel/secrets/rhel7.repo
+
+* Wed Jul 9 2014 Dan Walsh <dwalsh@redhat.com> - 1.0.0-7
+- Patch: Save "COMMENT" field in Dockerfile into image content.
+- Patch: Update documentation noting that SIGCHLD is not proxied.
+- Patch: Escape control and nonprintable characters in docker ps
+- Patch: machine-id: add container id access
+- Patch: Report child error better (and later)
+- Patch: Fix invalid fd race
+- Patch: Super minimal host based secrets
+- Patch: libcontainer: Mount cgroups in the container
+- Patch: pkg/cgroups Add GetMounts() and GetAllSubsystems()
+- Patch: New implementation of /run support
+- Patch: Error if Docker daemon starts with BTRFS graph driver and SELinux enabled
+- Patch: Updated CLI documentation for docker pull with notes on specifying URL
+- Patch: Updated docker pull manpage to reflect ability to specify URL of registry.
+- Patch: Docker should use /var/tmp for large temporary files.
+- Patch: Add --registry-append and --registry-replace qualifier to docker daemon
+- Patch: Increase size of buffer for signals
+- Patch: Update documentation noting that SIGCHLD is not proxied.
+- Patch: Escape control and nonprintable characters in docker ps
+
+* Tue Jun 24 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.0.0-4
+- Documentation update for --sig-proxy
+- increase size of buffer for signals
+- escape control and nonprintable characters in docker ps
+
+* Tue Jun 24 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.0.0-3
+- Resolves: rhbz#1111769 - CVE-2014-3499
+
+* Thu Jun 19 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.0.0-2
+- Resolves: rhbz#1109938 - upgrade to upstream version 1.0.0 + patches
+  use repo: https://github.com/lsm5/docker/commits/htb2
+- Resolves: rhbz#1109858 - fix race condition with secrets
+- add machine-id patch:
+https://github.com/vbatts/docker/commit/4f51757a50349bbbd2282953aaa3fc0e9a989741
+
+* Wed Jun 18 2014 Lokesh Mandvekar <lsm5@fedoraproject.org> - 1.0.0-1
+- Resolves: rhbz#1109938 - upgrade to upstream version 1.0.0 + patches
+  use repo: https://github.com/lsm5/docker/commits/2014-06-18-htb2
+- Resolves: rhbz#1110876 - secrets changes required for subscription
+management
+- btrfs now available (remove old comment)
 
 * Fri Jun 06 2014 Lokesh Mandvekar <lsm5@redhat.com> - 0.11.1-19
 - build with golang-github-kr-pty-0-0.19.git98c7b80.el7