1buildah-push(1) General Commands Manual buildah-push(1)
2
3
4
6 buildah-push - Push an image, manifest list or image index from local
7 storage to elsewhere.
8
9
11 buildah push [options] image [destination]
12
13
15 Pushes an image from local storage to a specified destination, decom‐
16 pressing and recompessing layers as needed.
17
18
20 Image stored in local container/storage
21
22
24 DESTINATION is the location the container image is pushed to. It sup‐
25 ports all transports from containers-transports(5) (see examples be‐
26 low). If no transport is specified, the docker (i.e., container reg‐
27 istry) transport is used.
28
29
31 --all
32
33
34 If specified image is a manifest list or image index, push the images
35 in addition to the list or index itself.
36
37
38 --authfile path
39
40
41 Path of the authentication file. Default is ${XDG_\RUNTIME_DIR}/con‐
42 tainers/auth.json. If XDG_RUNTIME_DIR is not set, the default is
43 /run/containers/$UID/auth.json. This file is created using using buil‐
44 dah login.
45
46
47 If the authorization state is not found there, $HOME/.docker/con‐
48 fig.json is checked, which is set using docker login.
49
50
51 Note: You can also override the default path of the authentication file
52 by setting the REGISTRY_AUTH_FILE environment variable. export REG‐
53 ISTRY_AUTH_FILE=path
54
55
56 --cert-dir path
57
58
59 Use certificates at path (*.crt, *.cert, *.key) to connect to the reg‐
60 istry. The default certificates directory is /etc/containers/certs.d.
61
62
63 --creds creds
64
65
66 The [username[:password]] to use to authenticate with the registry if
67 required. If one or both values are not supplied, a command line
68 prompt will appear and the value can be entered. The password is en‐
69 tered without echo.
70
71
72 --digestfile Digestfile
73
74
75 After copying the image, write the digest of the resulting image to the
76 file.
77
78
79 --disable-compression, -D
80
81
82 Don't compress copies of filesystem layers which will be pushed.
83
84
85 --encryption-key key
86
87
88 The [protocol:keyfile] specifies the encryption protocol, which can be
89 JWE (RFC7516), PGP (RFC4880), and PKCS7 (RFC2315) and the key material
90 required for image encryption. For instance, jwe:/path/to/key.pem or
91 pgp:admin@example.com or pkcs7:/path/to/x509-file.
92
93
94 --encrypt-layer layer(s)
95
96
97 Layer(s) to encrypt: 0-indexed layer indices with support for negative
98 indexing (e.g. 0 is the first layer, -1 is the last layer). If not de‐
99 fined, will encrypt all layers if encryption-key flag is specified.
100
101
102 --format, -f
103
104
105 Manifest Type (oci, v2s2, or v2s1) to use when pushing an image. (de‐
106 fault is manifest type of the source image, with fallbacks)
107
108
109 --quiet, -q
110
111
112 When writing the output image, suppress progress output.
113
114
115 --remove-signatures
116
117
118 Don't copy signatures when pushing images.
119
120
121 --rm
122
123
124 When pushing a the manifest list or image index, delete them from local
125 storage if pushing succeeds.
126
127
128 --sign-by fingerprint
129
130
131 Sign the pushed image using the GPG key that matches the specified fin‐
132 gerprint.
133
134
135 --tls-verify bool-value
136
137
138 Require HTTPS and verification of certificates when talking to con‐
139 tainer registries (defaults to true). TLS verification cannot be used
140 when talking to an insecure registry.
141
142
144 This example pushes the image specified by the imageID to a local di‐
145 rectory in docker format.
146
147
148 # buildah push imageID dir:/path/to/image
149
150
151 This example pushes the image specified by the imageID to a local di‐
152 rectory in oci format.
153
154
155 # buildah push imageID oci:/path/to/layout:image:tag
156
157
158 This example pushes the image specified by the imageID to a tar archive
159 in oci format.
160
161
162 # buildah push imageID oci-archive:/path/to/archive:image:tag
163
164
165 This example pushes the image specified by the imageID to a container
166 registry named registry.example.com.
167
168
169 # buildah push imageID docker://registry.example.com/repository:tag
170
171
172 This example pushes the image specified by the imageID to a container
173 registry named registry.example.com and saves the digest in the speci‐
174 fied digestfile.
175
176
177 # buildah push --digestfile=/tmp/mydigest imageID docker://registry.ex‐
178 ample.com/repository:tag
179
180
181 This example works like docker push, assuming registry.exam‐
182 ple.com/my_image is a local image.
183
184
185 # buildah push registry.example.com/my_image
186
187
188 This example pushes the image specified by the imageID to a private
189 container registry named registry.example.com with authentication from
190 /tmp/auths/myauths.json.
191
192
193 # buildah push --authfile /tmp/auths/myauths.json imageID docker://reg‐
194 istry.example.com/repository:tag
195
196
197 This example pushes the image specified by the imageID and puts into
198 the local docker container store.
199
200
201 # buildah push imageID docker-daemon:image:tag
202
203
204 This example pushes the image specified by the imageID and puts it into
205 the registry on the localhost while turning off tls verification.
206 # buildah push --tls-verify=false imageID docker://localhost:5000/my-
207 imageID
208
209
210 This example pushes the image specified by the imageID and puts it into
211 the registry on the localhost using credentials and certificates for
212 authentication.
213 # buildah push --cert-dir ~/auth --tls-verify=true --creds=user‐
214 name:password imageID docker://localhost:5000/my-imageID
215
216
218 BUILD_REGISTRY_SOURCES
219
220
221 BUILD_REGISTRY_SOURCES, if set, is treated as a JSON object which con‐
222 tains lists of registry names under the keys insecureRegistries,
223 blockedRegistries, and allowedRegistries.
224
225
226 When pushing an image to a registry, if the portion of the destination
227 image name that corresponds to a registry is compared to the items in
228 the blockedRegistries list, and if it matches any of them, the push at‐
229 tempt is denied. If there are registries in the allowedRegistries
230 list, and the portion of the name that corresponds to the registry is
231 not in the list, the push attempt is denied.
232
233
234 TMPDIR The TMPDIR environment variable allows the user to specify where
235 temporary files are stored while pulling and pushing images. Defaults
236 to '/var/tmp'.
237
238
240 registries.conf (/etc/containers/registries.conf)
241
242
243 registries.conf is the configuration file which specifies which con‐
244 tainer registries should be consulted when completing image names which
245 do not include a registry or domain portion.
246
247
248 policy.json (/etc/containers/policy.json)
249
250
251 Signature policy file. This defines the trust policy for container im‐
252 ages. Controls which container registries can be used for image, and
253 whether or not the tool should trust the images.
254
255
257 buildah(1), buildah-login(1), containers-policy.json(5), docker-lo‐
258 gin(1), containers-registries.conf(5), buildah-manifest(1)
259
260
261
262buildah June 2017 buildah-push(1)