diff --git a/CHANGELOG.md b/CHANGELOG.md
index 72a0a2eecf..b416d450a2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,21 @@
 # Changelog
+## 0.7.6 (2014-01-14)
+
+#### Builder
+
+* Do not follow symlink outside of build context
+
+#### Runtime
+
+- Remount bind mounts when ro is specified
+* Use https for fetching docker version
+
+#### Other
+
+* Inline the test.docker.io fingerprint
+* Add ca-certificates to packaging documentation
+
 ## 0.7.5 (2014-01-09)
 #### Builder
diff --git a/VERSION b/VERSION
index 8bd6ba8c5c..c006218557 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.7.5
+0.7.6
diff --git a/buildfile.go b/buildfile.go
index de03e5879f..2b6d40c15d 100644
--- a/buildfile.go
+++ b/buildfile.go
@@ -287,12 +287,23 @@ func (b *buildFile) CmdVolume(args string) error {
 func (b *buildFile) checkPathForAddition(orig string) error {
 origPath := path.Join(b.contextPath, orig)
+ if p, err := filepath.EvalSymlinks(origPath); err != nil {
+ if os.IsNotExist(err) {
+ return fmt.Errorf("%s: no such file or directory", orig)
+ }
+ return err
+ } else {
+ origPath = p
+ }
 if !strings.HasPrefix(origPath, b.contextPath) {
 return fmt.Errorf("Forbidden path outside the build context: %s (%s)", orig, origPath)
 }
 _, err := os.Stat(origPath)
 if err != nil {
- return fmt.Errorf("%s: no such file or directory", orig)
+ if os.IsNotExist(err) {
+ return fmt.Errorf("%s: no such file or directory", orig)
+ }
+ return err
 }
 return nil
 }
@@ -308,7 +319,10 @@ func (b *buildFile) addContext(container *Container, orig, dest string) error {
 }
 fi, err := os.Stat(origPath)
 if err != nil {
- return fmt.Errorf("%s: no such file or directory", orig)
+ if os.IsNotExist(err) {
+ return fmt.Errorf("%s: no such file or directory", orig)
+ }
+ return err
 }
 if fi.IsDir() {
 if err := archive.CopyWithTar(origPath, destPath); err != nil {
diff --git a/container.go b/container.go
index cea316ae5c..9e4495890a 100644
--- a/container.go
+++ b/container.go
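Review bot: The containment test in checkPathForAddition is still a raw string prefix match, `strings.HasPrefix(origPath, b.contextPath)`, so a resolved path in a sibling directory whose name merely begins with the context directory's name passes it. It also compares a symlink-resolved `origPath` with a `b.contextPath` that this hunk does not resolve, so a context directory that is itself reached through a symlink would have every file rejected. I would resolve the context path the same way and compare on a separator boundary, e.g. `if origPath != ctx && !strings.HasPrefix(origPath, ctx+string(os.PathSeparator)) {` with `ctx` holding the resolved context path. In the second hunk, `os.Stat(origPath)` in addContext works on a path assigned outside the hunk; if that is the unresolved join rather than the path validated here, the check and the copy do not look at the same file, which is worth confirming.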
@@ -716,7 +716,7 @@ func (container *Container) Start() (err error) { for r, v := range container.Volumes { mountAs := "ro" - if container.VolumesRW[v] { + if container.VolumesRW[r] { mountAs = "rw" } diff --git a/hack/PACKAGERS.md b/hack/PACKAGERS.md index 05283b909b..1dd039c3e3 100644 --- a/hack/PACKAGERS.md +++ b/hack/PACKAGERS.md @@ -38,7 +38,7 @@ To build docker, you will need the following system dependencies * A recent version of git and mercurial * Go version 1.2 or later * SQLite version 3.7.9 or later -* libdevmapper from lvm2 version 1.02.77 or later (http://www.sourceware.org/lvm2/) +* libdevmapper version 1.02.68-cvs (2012-01-26) or later from lvm2 version 2.02.89 or later * A clean checkout of the source must be added to a valid Go [workspace](http://golang.org/doc/code.html#Workspaces) under the path *src/github.com/dotcloud/docker*. diff --git a/hack/install.sh b/hack/install.sh index 1f37018a7b..02d812f388 100755 --- a/hack/install.sh +++ b/hack/install.sh @@ -110,6 +110,8 @@ case "$lsb_dist" in set -x if [ "https://get.docker.io/" = "$url" ]; then $sh_c "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9" + elif [ "https://test.docker.io/" = "$url" ]; then + $sh_c "apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 740B314AE3941731B942C66ADF4FD13717AAD7D6" else $sh_c "$curl ${url}gpg | apt-key add -" fi diff --git a/hack/make/ubuntu b/hack/make/ubuntu index bcffc6560f..f15608e920 100644 --- a/hack/make/ubuntu +++ b/hack/make/ubuntu @@ -111,6 +111,7 @@ EOF --depends lxc \ --depends aufs-tools \ --depends iptables \ + --deb-recommends ca-certificates \ --description "$PACKAGE_DESCRIPTION" \ --maintainer "$PACKAGE_MAINTAINER" \ --conflicts lxc-docker-virtual-package \ diff --git a/mount/mount_test.go b/mount/mount_test.go index 5dc9dc256a..6edc31d410 100644 --- a/mount/mount_test.go +++ b/mount/mount_test.go 
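Review bot: Nothing at this lookup says which side of `container.Volumes` the `VolumesRW` map is keyed by, which is how the `v`/`r` mix-up corrected here could go unnoticed; a comment above the `if` such as `// VolumesRW shares its key (r) with container.Volumes; v is the value, not a key` would keep it from returning. A lookup with the wrong key falls through to the map's zero value instead of failing, so the mount mode was chosen silently from a miss. A regression test that starts a container with one read-write and one read-only volume and checks both modes would be worth adding alongside the fix. The loop body continues outside the hunk.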
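Review bot: The new `elif` pins the test.docker.io key by full fingerprint, but any other `$url` still reaches the `else` branch, which pipes `${url}gpg` into `apt-key add` and therefore trusts whatever key the download host itself serves. A comment on that branch, for example `# unpinned source: signing key is trusted on first use from the same host as the packages`, would make that trust decision visible to whoever edits this next. Both pinned branches also depend on an exact string match including the trailing slash, so a `$url` supplied without it takes the unpinned path without any warning; normalising the value before the comparison would close that gap. The `case` block continues outside the hunk.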
@@ -48,7 +48,7 @@ func TestMounted(t *testing.T) {
 }
 f.Close()
- if err := Mount(sourcePath, targetPath, "none", "bind,ro"); err != nil {
+ if err := Mount(sourcePath, targetPath, "none", "bind,rw"); err != nil {
 t.Fatal(err)
 }
 defer func() {
@@ -64,4 +64,47 @@ func TestMounted(t *testing.T) {
 if !mounted {
 t.Fatalf("Expected %s to be mounted", targetPath)
 }
+ if _, err := os.Stat(targetPath); err != nil {
+ t.Fatal(err)
+ }
+}
+
+func TestMountReadonly(t *testing.T) {
+ tmp := path.Join(os.TempDir(), "mount-tests")
+ if err := os.MkdirAll(tmp, 0777); err != nil {
+ t.Fatal(err)
+ }
+ defer os.RemoveAll(tmp)
+
+ var (
+ sourcePath = path.Join(tmp, "sourcefile.txt")
+ targetPath = path.Join(tmp, "targetfile.txt")
+ )
+
+ f, err := os.Create(sourcePath)
+ if err != nil {
+ t.Fatal(err)
+ }
+ f.WriteString("hello")
+ f.Close()
+
+ f, err = os.Create(targetPath)
+ if err != nil {
+ t.Fatal(err)
+ }
+ f.Close()
+
+ if err := Mount(sourcePath, targetPath, "none", "bind,ro"); err != nil {
+ t.Fatal(err)
+ }
+ defer func() {
+ if err := Unmount(targetPath); err != nil {
+ t.Fatal(err)
+ }
+ }()
+
+ f, err = os.OpenFile(targetPath, os.O_RDWR, 0777)
+ if err == nil {
+ t.Fatal("Should not be able to open a ro file as rw")
+ }
 }
diff --git a/mount/mounter_linux.go b/mount/mounter_linux.go
index 1371f72bd9..dd4280c777 100644
--- a/mount/mounter_linux.go
+++ b/mount/mounter_linux.go
@@ -5,7 +5,15 @@ import (
 )
 func mount(device, target, mType string, flag uintptr, data string) error {
- return syscall.Mount(device, target, mType, flag, data)
+ if err := syscall.Mount(device, target, mType, flag, data); err != nil {
+ return err
+ }
+
+ // If we have a bind mount or remount, remount...
+ if flag&syscall.MS_BIND == syscall.MS_BIND && flag&syscall.MS_RDONLY == syscall.MS_RDONLY {
+ return syscall.Mount(device, target, mType, flag|syscall.MS_REMOUNT, data)
+ }
+ return nil
 }
 func unmount(target string, flag int) error {
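Review bot: TestMountReadonly works in a fixed directory, `path.Join(os.TempDir(), "mount-tests")`, created with mode 0777, and a test that calls Mount presumably runs as root, so the path it writes to and bind-mounts over is predictable to every local user. A private directory from `ioutil.TempDir("", "mount-tests")` removes that exposure and stops this test from sharing state with any other test that uses the same name. The result of `f.WriteString("hello")` is dropped, and when `os.OpenFile` unexpectedly succeeds the handle is never closed before `t.Fatal`, which can make the deferred Unmount fail as busy.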
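Review bot: When the second `syscall.Mount` with `MS_REMOUNT` fails, mount returns the error but leaves the first, writable bind mount in place, so a caller that asked for read-only can be left with a read-write mount it believes was never created. I would detach the target on that path, as in the excerpt below. The comment `// If we have a bind mount or remount, remount...` also does not match the condition, which fires only when both MS_BIND and MS_RDONLY are set; it should state that the read-only flag is not applied by the initial bind and has to be set by a remount.

```go
	// … unchanged: initial syscall.Mount call and its error check …

	// A bind mount does not apply MS_RDONLY on the initial call; set it with a remount.
	if flag&syscall.MS_BIND == syscall.MS_BIND && flag&syscall.MS_RDONLY == syscall.MS_RDONLY {
		if err := syscall.Mount(device, target, mType, flag|syscall.MS_REMOUNT, data); err != nil {
			// Best effort: do not leave a writable bind mount behind when ro was requested.
			syscall.Unmount(target, 0)
			return err
		}
	}
	return nil
```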
diff --git a/utils/utils.go b/utils/utils.go
index 4dfadb793f..e046dfa2a5 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -827,7 +827,7 @@ func ParseHost(defaultHost string, defaultPort int, defaultUnix, addr string) (s
 }
 func GetReleaseVersion() string {
- resp, err := http.Get("http://get.docker.io/latest")
+ resp, err := http.Get("https://get.docker.io/latest")
 if err != nil {
 return ""
 }
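Review bot: GetReleaseVersion still returns `""` for every failure, and with the move to https a host without a CA bundle now fails certificate verification on each call in a way that looks identical to being offline. hack/make/ubuntu in this same commit adds ca-certificates only as a recommended package, so that case is reachable on installs that skip recommended packages. Recording the error before the early return, e.g. `Debugf("release version check failed: %s", err)` if the package's debug logger is usable at this point, would make the failure diagnosable. The function body continues outside the hunk.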