1buildah-commit(1)           General Commands Manual          buildah-commit(1)
2
3
4

NAME

6       buildah-commit - Create an image from a working container.
7
8

SYNOPSIS

10       buildah commit [options] container [image]
11
12

DESCRIPTION

14       Writes a new image using the specified container's read-write layer and
15       if it is based on an image, the layers of that image.   If  image  does
16       not  begin  with  a registry name component, localhost will be added to
17       the name.  If image is not provided, the values for the REPOSITORY  and
18       TAG values of the created image will each be set to <none>.
19
20

RETURN VALUE

22       The  image  ID  of the image that was created.  On error, 1 is returned
23       and errno is returned.
24
25

OPTIONS

27       --authfile path
28
29
30       Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
31       ers/auth.json,  which is set using buildah login.  If the authorization
32       state is not found there, $HOME/.docker/config.json is  checked,  which
33       is set using docker login.
34
35
36       --cert-dir path
37
38
39       Use  certificates at path (*.crt, *.cert, *.key) to connect to the reg‐
40       istry.  Default certificates directory is /etc/containers/certs.d.
41
42
43       --creds creds
44
45
46       The [username[:password]] to use to authenticate with the  registry  if
47       required.   If  one  or  both  values  are not supplied, a command line
48       prompt will appear and the value  can  be  entered.   The  password  is
49       entered without echo.
50
51
52       --disable-compression, -D
53
54
55       Don't  compress  filesystem layers when building the image unless it is
56       required by the location where the image is being written.  This is the
57       default setting, because image layers are compressed automatically when
58       they are pushed to registries, and images being written to local  stor‐
59       age would only need to be decompressed again to be stored.  Compression
60       can be forced in all cases by specifying --disable-compression=false.
61
62
63       --format
64
65
66       Control the format for the image manifest and configuration data.  Rec‐
67       ognized  formats  include  oci  (OCI  image-spec v1.0, the default) and
68       docker (version 2, using schema format 2 for the manifest).
69
70
71       Note: You can also override the default format  by  setting  the  BUIL‐
72       DAH_FORMAT environment variable.  export BUILDAH\_FORMAT=docker
73
74
75       --iidfile ImageIDfile
76
77
78       Write the image ID to the file.
79
80
81       --quiet
82
83
84       When writing the output image, suppress progress output.
85
86
87       --rm  Remove  the  container  and its content after committing it to an
88       image.  Default leaves the container and its content in place.
89
90
91       --squash
92
93
94       Squash all of the new image's layers (including those inherited from  a
95       base image) into a single new layer.
96
97
98       --tls-verify bool-value
99
100
101       Require  HTTPS  and  verify certificates when talking to container reg‐
102       istries (defaults to true)
103
104
105       --omit-timestamp bool-value
106
107
108       Set the create timestamp to epoch 0 to allow for  deterministic  builds
109       (defaults  to false).  By default, the created timestamp is changed and
110       written into the image manifest with every commit, causing the  image's
111       sha256  hash  to  be different even if the sources are exactly the same
112       otherwise.  When --omit-timestamp is set to true, the created timestamp
113       is  always  set  to  the  epoch and therefore not changed, allowing the
114       image's sha256 to remain the same.
115
116

EXAMPLE

118       This example saves an image based on the container.
119        buildah commit containerID newImageName
120
121
122       This example saves an image named newImageName based on the container.
123        buildah commit --rm containerID newImageName
124
125
126       This example saves an image based on the container  disabling  compres‐
127       sion.
128        buildah commit --disable-compression containerID
129
130
131       This  example  saves an image named newImageName based on the container
132       disabling compression.
133        buildah commit --disable-compression containerID newImageName
134
135
136       This example commits the container to the image on the  local  registry
137       while turning off tls verification.
138        buildah    commit   --tls-verify=false   containerID   docker://local‐
139       host:5000/imageId
140
141
142       This example commits the container to the image on the  local  registry
143       using credentials and certificates for authentication.
144        buildah  commit  --cert-dir    /auth   --tls-verify=true --creds=user‐
145       name:password containerID docker://localhost:5000/imageId
146
147
148       This example commits the container to the image on the  local  registry
149       using  credentials  from  the /tmp/auths/myauths.json file and certifi‐
150       cates for authentication.
151        buildah commit --authfile /tmp/auths/myauths.json  --cert-dir    /auth
152       --tls-verify=true --creds=username:password containerID docker://local‐
153       host:5000/imageName
154
155

ENVIRONMENT

157       BUILD_REGISTRY_SOURCES
158
159
160       BUILD_REGISTRY_SOURCES, if set, is treated as a JSON object which  con‐
161       tains  lists  of  registry  names  under  the  keys insecureRegistries,
162       blockedRegistries, and allowedRegistries.
163
164
165       When committing an image, if the image is to be given a name, the  por‐
166       tion  of  the  name  that  corresponds to a registry is compared to the
167       items in the blockedRegistries list, and if it matches any of them, the
168       commit  attempt  is denied.  If there are registries in the allowedReg‐
169       istries list, and the portion of the name that corresponds to the  reg‐
170       istry is not in the list, the commit attempt is denied.
171
172

FILES

174       registries.conf (/etc/containers/registries.conf)
175
176
177       registries.conf  is  the  configuration file which specifies which con‐
178       tainer registries should be consulted when completing image names which
179       do not include a registry or domain portion.
180
181
182       policy.json (/etc/containers/policy.json)
183
184
185       Signature  policy  file.   This  defines the trust policy for container
186       images.  Controls which container registries can be used for image, and
187       whether or not the tool should trust the images.
188
189

SEE ALSO

191       buildah(1), policy.json(5), registries.conf(5)
192
193
194
195buildah                           March 2017                 buildah-commit(1)
Impressum