1SKOPEO(1)(Skopeo)                                            SKOPEO(1)(Skopeo)
2
3
4
5Jhon Honce August 2016
6

NAME

8       skopeo  --  Command line utility used to interact with local and remote
9       container images and container image registries
10
11

SYNOPSIS

13       skopeo [global options] command [command options]
14
15

DESCRIPTION

17       skopeo is a command line utility providing various operations with con‐
18       tainer images and container image registries.
19
20
21       skopeo  can  copy  container  images  between  various containers image
22       stores, converting them as necessary.  For example you can  use  skopeo
23       to copy container images from one container registry to another.
24
25
26       skopeo  can convert a Docker schema 2 or schema 1 container image to an
27       OCI image.
28
29
30       skopeo can inspect a repository on a container registry  without  need‐
31       lessly  pulling  the  image.  Pulling an image from a repository, espe‐
32       cially a remote repository, is an expensive network and storage  opera‐
33       tion.  Skopeo  fetches  the repository's manifest and displays a docker
34       inspect-like json output about the repository or a tag. skopeo, in con‐
35       trast  to  docker  inspect, helps you gather useful information about a
36       repository or a tag without requiring you to run docker pull -  e.g.  -
37       Which  tags  are  available for the given repository? Which labels does
38       the image have?
39
40
41       skopeo can sign and verify container images.
42
43
44       skopeo can delete container images from a remote container registry.
45
46
47       Note: skopeo does not require any container runtimes to be running,  to
48       do  most  of  its functionality.  It also does not require root, unless
49       you are copying images into a container runtime storage  backend,  like
50       the docker daemon or github.com/containers/storage.
51
52

IMAGE NAMES

54       Most commands refer to container images, using a transport:details for‐
55       mat. The following formats are supported:
56
57
58       containers-storage:docker-reference
59         An image located in a local containers/storage image store.  Location
60       and image store specified in /etc/containers/storage.conf
61
62
63       dir:path
64         An existing local directory path storing the manifest, layer tarballs
65       and signatures as individual files. This is a non-standardized  format,
66       primarily useful for debugging or noninvasive container inspection.
67
68
69       docker://docker-reference
70         An  image  in  a  registry implementing the "Docker Registry HTTP API
71       V2". By default, uses  the  authorization  state  in  either  $XDG_RUN‐
72       TIME_DIR/containers/auth.json,  which  is  set using (podman login). If
73       the authorization state is not found  there,  $HOME/.docker/config.json
74       is checked, which is set using (docker login).
75
76
77       docker-archive:path[:docker-reference]
78         An  image is stored in the docker save formatted file.  docker-refer‐
79       ence is only used when creating such a file, and it must not contain  a
80       digest.
81
82
83       docker-daemon:docker-reference
84         An  image docker-reference stored in the docker daemon internal stor‐
85       age.  docker-reference must contain either a tag or a digest.  Alterna‐
86       tively,   when   reading   images,   the   format  can  be  docker-dae‐
87       mon:algo:digest (an image ID).
88
89
90       oci:path:tag
91         An image tag in a directory compliant with "Open Container Image Lay‐
92       out Specification" at path.
93
94

OPTIONS

96       --command-timeout duration Timeout for the command execution.
97
98
99       --debug enable debug output
100
101
102       --help|-h Show help
103
104
105       --insecure-policy Adopt an insecure, permissive policy that allows any‐
106       thing. This obviates the need for a policy file.
107
108
109       --override-arch arch Use  arch  instead  of  the  architecture  of  the
110       machine for choosing images.
111
112
113       --override-os OS Use OS instead of the running OS for choosing images.
114
115
116       --override-variant VARIANT Use VARIANT instead of the running architec‐
117       ture variant for choosing images.
118
119
120       --policy path-to-policy Path to a policy.json file to use for verifying
121       signatures  and  deciding  whether  an image is trusted, overriding the
122       default trust policy file.
123
124
125       --registries.d dir use registry configuration files in  dir  (e.g.  for
126       container signature storage), overriding the default path.
127
128
129       --tmpdir dir used to store temporary files. Defaults to /var/tmp.
130
131
132       --version|-v print the version number
133
134

COMMANDS

136       ┌────────────────────────────┬───────────────────────────────┐
137       │Command                     │ Description                   │
138       ├────────────────────────────┼───────────────────────────────┤
139       │skopeo-copy(1)              │ Copy   an   image  (manifest, │
140       │                            │ filesystem   layers,   signa‐ │
141       │                            │ tures)  from  one location to │
142       │                            │ another.                      │
143       ├────────────────────────────┼───────────────────────────────┤
144       │skopeo-delete(1)            │ Mark image-name for deletion. │
145       ├────────────────────────────┼───────────────────────────────┤
146       │skopeo-inspect(1)           │ Return low-level  information │
147       │                            │ about  image-name  in  a reg‐ │
148       │                            │ istry.                        │
149       ├────────────────────────────┼───────────────────────────────┤
150       │skopeo-list-tags(1)         │ List the tags for  the  given │
151       │                            │ transport/repository.         │
152       ├────────────────────────────┼───────────────────────────────┤
153       │skopeo-manifest-digest(1)   │ Compute  a manifest digest of │
154       │                            │ manifest-file and write it to │
155       │                            │ standard output.              │
156       ├────────────────────────────┼───────────────────────────────┤
157       │skopeo-standalone-sign(1)   │ Sign an image.                │
158       ├────────────────────────────┼───────────────────────────────┤
159       │skopeo-standalone-verify(1) │ Verify an image.              │
160       ├────────────────────────────┼───────────────────────────────┤
161       │skopeo-sync(1)              │ Copy  images from one or more │
162       │                            │ repositories to a user speci‐ │
163       │                            │ fied destination.             │
164       └────────────────────────────┴───────────────────────────────┘
165

FILES

167       /etc/containers/policy.json
168         Default trust policy file, if --policy is not specified.
169         The   policy  format  is  documented  in  https://github.com/contain‐
170       ers/image/blob/master/docs/containers-policy.json.5.md .
171
172
173       /etc/containers/registries.d
174         Default  directory  containing  registry  configuration,  if   --reg‐
175       istries.d is not specified.
176         The    contents    of    this    directory    are    documented    in
177       https://github.com/containers/image/blob/master/docs/containers-pol‐
178       icy.json.5.md .
179
180

SEE ALSO

182       podman-login(1), docker-login(1)
183
184

AUTHORS

186       Antonio  Murdaca runcom@redhat.com ⟨mailto:runcom@redhat.com⟩, Miloslav
187       Trmac mitr@redhat.com ⟨mailto:mitr@redhat.com⟩, Jhon Honce  jhonce@red‐
188       hat.com ⟨mailto:jhonce@redhat.com⟩
189
190
191
192Pages                                 Man                    SKOPEO(1)(Skopeo)