1SKOPEO(1)(Skopeo)                                            SKOPEO(1)(Skopeo)
2
3
4
5Jhon Honce August 2016
6

NAME

8       skopeo  --  Command line utility used to interact with local and remote
9       container images and container image registries
10
11

SYNOPSIS

13       skopeo [global options] command [command options]
14
15

DESCRIPTION

17       skopeo is a command line utility providing various operations with con‐
18       tainer images and container image registries.
19
20
21       skopeo  can  copy  container  images  between  various containers image
22       stores, converting them as necessary.  For example you can  use  skopeo
23       to copy container images from one container registry to another.
24
25
26       skopeo  can convert a Docker schema 2 or schema 1 container image to an
27       OCI image.
28
29
30       skopeo can inspect a repository on a container registry  without  need‐
31       lessly  pulling  the  image.  Pulling an image from a repository, espe‐
32       cially a remote repository, is an expensive network and storage  opera‐
33       tion.  Skopeo  fetches  the repository's manifest and displays a docker
34       inspect-like json output about the repository or a tag. skopeo, in con‐
35       trast  to  docker  inspect, helps you gather useful information about a
36       repository or a tag without requiring you to run docker pull -  e.g.  -
37       Which  tags  are  available for the given repository? Which labels does
38       the image have?
39
40
41       skopeo can sign and verify container images.
42
43
44       skopeo can delete container images from a remote container registry.
45
46
47       Note: skopeo does not require any container runtimes to be running,  to
48       do  most  of  its functionality.  It also does not require root, unless
49       you are copying images into a container runtime storage  backend,  like
50       the docker daemon or github.com/containers/storage.
51
52

IMAGE NAMES

54       Most commands refer to container images, using a transport:details for‐
55       mat. The following formats are supported:
56
57
58       containers-storage:docker-reference
59         An image located in a local containers/storage image store.  Location
60       and image store specified in /etc/containers/storage.conf
61
62
63       dir:path
64         An existing local directory path storing the manifest, layer tarballs
65       and signatures as individual files. This is a non-standardized  format,
66       primarily useful for debugging or noninvasive container inspection.
67
68
69       docker://docker-reference
70         An  image  in  a  registry implementing the "Docker Registry HTTP API
71       V2". By default, uses  the  authorization  state  in  either  $XDG_RUN‐
72       TIME_DIR/containers/auth.json,  which  is  set using (podman login). If
73       the authorization state is not found  there,  $HOME/.docker/config.json
74       is checked, which is set using (docker login).
75
76
77       docker-archive:path[:docker-reference]
78         An  image is stored in the docker save formatted file.  docker-refer‐
79       ence is only used when creating such a file, and it must not contain  a
80       digest.
81
82
83       docker-daemon:docker-reference
84         An  image docker-reference stored in the docker daemon internal stor‐
85       age.  docker-reference must contain either a tag or a digest.  Alterna‐
86       tively,   when   reading   images,   the   format  can  be  docker-dae‐
87       mon:algo:digest (an image ID).
88
89
90       oci:path:tag
91         An image tag in a directory compliant with "Open Container Image Lay‐
92       out Specification" at path.
93
94
95       ostree:image[@/absolute/repo/path]
96         An image in local OSTree repository.  /absolute/repo/path defaults to
97       /ostree/repo.
98
99

OPTIONS

101       --debug enable debug output
102
103
104       --policy path-to-policy Path to a policy.json file to use for verifying
105       signatures  and  deciding  whether  an image is trusted, overriding the
106       default trust policy file.
107
108
109       --insecure-policy Adopt an insecure, permissive policy that allows any‐
110       thing. This obviates the need for a policy file.
111
112
113       --registries.d  dir  use  registry configuration files in dir (e.g. for
114       container signature storage), overriding the default path.
115
116
117       --override-arch arch Use  arch  instead  of  the  architecture  of  the
118       machine for choosing images.
119
120
121       --override-os OS Use OS instead of the running OS for choosing images.
122
123
124       --command-timeout duration Timeout for the command execution.
125
126
127       --help|-h Show help
128
129
130       --version|-v print the version number
131
132

COMMANDS

134       ┌────────────────────────────┬───────────────────────────────┐
135Command                     Description                   
136       ├────────────────────────────┼───────────────────────────────┤
137skopeo-copy(1)              │ Copy   an   image  (manifest, │
138       │                            │ filesystem   layers,   signa‐ │
139       │                            │ tures)  from  one location to │
140       │                            │ another.                      │
141       ├────────────────────────────┼───────────────────────────────┤
142skopeo-delete(1)            │ Mark image-name for deletion. │
143       ├────────────────────────────┼───────────────────────────────┤
144skopeo-inspect(1)           │ Return low-level  information │
145       │                            │ about  image-name  in  a reg‐ │
146       │                            │ istry.                        │
147       ├────────────────────────────┼───────────────────────────────┤
148skopeo-manifest-digest(1)   │ Compute a manifest digest  of │
149       │                            │ manifest-file and write it to │
150       │                            │ standard output.              │
151       ├────────────────────────────┼───────────────────────────────┤
152skopeo-standalone-sign(1)   │ Sign an image.                │
153       ├────────────────────────────┼───────────────────────────────┤
154skopeo-standalone-verify(1) │ Verify an image.              │
155       └────────────────────────────┴───────────────────────────────┘
156

FILES

158       /etc/containers/policy.json
159         Default trust policy file, if --policy is not specified.
160         The  policy  format  is  documented  in   https://github.com/contain
161       ers/image/blob/master/docs/containers-policy.json.5.md .
162
163
164       /etc/containers/registries.d
165         Default   directory  containing  registry  configuration,  if  --reg‐
166       istries.d is not specified.
167         The    contents    of    this    directory    are    documented    in
168       https://github.com/containers/image/blob/master/docs/containers-pol
169       icy.json.5.md .
170
171

SEE ALSO

173       podman-login(1), docker-login(1)
174
175

AUTHORS

177       Antonio Murdaca runcom@redhat.com ⟨mailto:runcom@redhat.com⟩,  Miloslav
178       Trmac  mitr@redhat.com ⟨mailto:mitr@redhat.com⟩, Jhon Honce jhonce@red‐
179       hat.com ⟨mailto:jhonce@redhat.com⟩
180
181
182
183Pages                                 Man                    SKOPEO(1)(Skopeo)
Impressum