1SKOPEO(1) August 2016 SKOPEO(1)
2
6 skopeo -- Command line utility used to interact with local and remote
7 container images and container image registries
8
11 skopeo [global options] command [command options]
12
15 skopeo is a command line utility providing various operations with
16 container images and container image registries.
17 skopeo can copy container images between various containers image
20 stores, converting them as necessary. For example you can use skopeo
21 to copy container images from one container registry to another.
22 skopeo can convert a Docker schema 2 or schema 1 container image to an
25 OCI image.
26 skopeo can inspect a repository on a container registry without
29 needlessly pulling the image. Pulling an image from a repository,
30 especially a remote repository, is an expensive network and storage
31 operation. Skopeo fetches the repository's manifest and displays a
32 docker inspect-like json output about the repository or a tag. skopeo,
33 in contrast to docker inspect, helps you gather useful information
34 about a repository or a tag without requiring you to run docker pull -
35 e.g. - Which tags are available for the given repository? Which labels
36 does the image have?
37 skopeo can sign and verify container images.
40 skopeo can delete container images from a remote container registry.
43 Note: skopeo does not require any container runtimes to be running, to
46 do most of its functionality. It also does not require root, unless
47 you are copying images into a container runtime storage backend, like
48 the docker daemon or github.com/containers/storage.
49
52 Most commands refer to container images, using a transport:details
53 format. The following formats are supported:
54 containers-storage:docker-reference
57 An image located in a local containers/storage image store. Location
58 and image store specified in /etc/containers/storage.conf
59 dir:path
62 An existing local directory path storing the manifest, layer tarballs
63 and signatures as individual files. This is a non-standardized format,
64 primarily useful for debugging or noninvasive container inspection.
65 docker://docker-reference
68 An image in a registry implementing the "Docker Registry HTTP API
69 V2". By default, uses the authorization state in either
70 $XDG_RUNTIME_DIR/containers/auth.json, which is set using (podman
71 login). If the authorization state is not found there,
72 $HOME/.docker/config.json is checked, which is set using (docker
73 login).
74 docker-archive:path[:docker-reference]
77 An image is stored in the docker save formatted file.
78 docker-reference is only used when creating such a file, and it must
79 not contain a digest.
80 docker-daemon:docker-reference
83 An image docker-reference stored in the docker daemon internal
84 storage. docker-reference must contain either a tag or a digest.
85 Alternatively, when reading images, the format can be
86 docker-daemon:algo:digest (an image ID).
87 oci:path:tag
90 An image tag in a directory compliant with "Open Container Image
91 Layout Specification" at path.
92 ostree:image[@/absolute/repo/path]
95 An image in local OSTree repository. /absolute/repo/path defaults to
96 /ostree/repo.
97
100 --debug enable debug output
101 --policy path-to-policy Path to a policy.json file to use for verifying
104 signatures and deciding whether an image is trusted, overriding the
105 default trust policy file.
106 --insecure-policy Adopt an insecure, permissive policy that allows
109 anything. This obviates the need for a policy file.
110 --registries.d dir use registry configuration files in dir (e.g. for
113 container signature storage), overriding the default path.
114 --override-arch arch Use arch instead of the architecture of the
117 machine for choosing images.
118 --override-os OS Use OS instead of the running OS for choosing images.
121 --command-timeout duration Timeout for the command execution.
124 --help|-h Show help
127 --version|-v print the version number
130
133 ┌────────────────────────────┬───────────────────────────────┐
134 │Command │ Description │
135 ├────────────────────────────┼───────────────────────────────┤
136 │skopeo-copy(1) │ Copy an image (manifest, │
137 │ │ filesystem layers, │
138 │ │ signatures) from one location │
139 │ │ to another. │
140 ├────────────────────────────┼───────────────────────────────┤
141 │skopeo-delete(1) │ Mark image-name for deletion. │
142 ├────────────────────────────┼───────────────────────────────┤
143 │skopeo-inspect(1) │ Return low-level information │
144 │ │ about image-name in a │
145 │ │ registry. │
146 ├────────────────────────────┼───────────────────────────────┤
147 │skopeo-manifest-digest(1) │ Compute a manifest digest of │
148 │ │ manifest-file and write it to │
149 │ │ standard output. │
150 ├────────────────────────────┼───────────────────────────────┤
151 │skopeo-standalone-sign(1) │ Sign an image. │
152 ├────────────────────────────┼───────────────────────────────┤
153 │skopeo-standalone-verify(1) │ Verity an image. │
154 └────────────────────────────┴───────────────────────────────┘
155
157 /etc/containers/policy.json
158 Default trust policy file, if --policy is not specified.
159 The policy format is documented in
160 ⟨https://github.com/containers/image/blob/master/docs/policy.json.md⟩ .
161 /etc/containers/registries.d
164 Default directory containing registry configuration, if
165 --registries.d is not specified.
166 The contents of this directory are documented in
167 ⟨https://github.com/containers/image/blob/master/docs/registries.d.md⟩
168 .
169
172 podman-login(1), docker-login(1)
173
176 Antonio Murdaca ⟨runcom@redhat.com⟩, Miloslav Trmac ⟨mitr@redhat.com⟩,
177 Jhon Honce ⟨jhonce@redhat.com⟩
178Jhon Honce Skopeo Man Pages SKOPEO(1)