1buildah-commit(1)           General Commands Manual          buildah-commit(1)
2
3
4

NAME

6       buildah-commit - Create an image from a working container.
7
8

SYNOPSIS

10       buildah commit [options] container [image]
11
12

DESCRIPTION

14       Writes a new image using the specified container's read-write layer and
15       if it is based on an image, the layers of that image.   If  image  does
16       not  begin  with  a registry name component, localhost will be added to
17       the name.  If image is not provided, the values for the REPOSITORY  and
18       TAG values of the created image will each be set to <none>.
19
20

RETURN VALUE

22       The  image  ID  of the image that was created.  On error, 1 is returned
23       and errno is returned.
24
25

OPTIONS

27       --authfile path
28
29
30       Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
31       ers/auth.json,  which is set using buildah login.  If the authorization
32       state is not found there, $HOME/.docker/config.json is  checked,  which
33       is set using docker login.
34
35
36       --cert-dir path
37
38
39       Use  certificates at path (*.crt, *.cert, *.key) to connect to the reg‐
40       istry.  Default certificates directory is /etc/containers/certs.d.
41
42
43       --creds creds
44
45
46       The [username[:password]] to use to authenticate with the  registry  if
47       required.   If  one  or  both  values  are not supplied, a command line
48       prompt will appear and the value  can  be  entered.   The  password  is
49       entered without echo.
50
51
52       --disable-compression, -D
53
54
55       Don't  compress  filesystem layers when building the image unless it is
56       required by the location where the image is being written.  This is the
57       default setting, because image layers are compressed automatically when
58       they are pushed to registries, and images being written to local  stor‐
59       age would only need to be decompressed again to be stored.  Compression
60       can be forced in all cases by specifying --disable-compression=false.
61
62
63       --format
64
65
66       Control the format for the image manifest and configuration data.  Rec‐
67       ognized  formats  include  oci  (OCI  image-spec v1.0, the default) and
68       docker (version 2, using schema format 2 for the manifest).
69
70
71       Note: You can also override the default format  by  setting  the  BUIL‐
72       DAH_FORMAT environment variable.  export BUILDAH\_FORMAT=docker
73
74
75       --iidfile ImageIDfile
76
77
78       Write the image ID to the file.
79
80
81       --quiet
82
83
84       When writing the output image, suppress progress output.
85
86
87       --rm  Remove  the  container  and its content after committing it to an
88       image.  Default leaves the container and its content in place.
89
90
91       --sign-by fingerprint
92
93
94       Sign the new image using the GPG key that matches the specified finger‐
95       print.
96
97
98       --squash
99
100
101       Squash  all of the new image's layers (including those inherited from a
102       base image) into a single new layer.
103
104
105       --tls-verify bool-value
106
107
108       Require HTTPS and verify certificates when talking  to  container  reg‐
109       istries (defaults to true)
110
111
112       --omit-timestamp bool-value
113
114
115       Set  the  create timestamp to epoch 0 to allow for deterministic builds
116       (defaults to false).  By default, the created timestamp is changed  and
117       written  into the image manifest with every commit, causing the image's
118       sha256 hash to be different even if the sources are  exactly  the  same
119       otherwise.  When --omit-timestamp is set to true, the created timestamp
120       is always set to the epoch and  therefore  not  changed,  allowing  the
121       image's sha256 to remain the same.
122
123

EXAMPLE

125       This example saves an image based on the container.
126        buildah commit containerID newImageName
127
128
129       This example saves an image named newImageName based on the container.
130        buildah commit --rm containerID newImageName
131
132
133       This  example  saves an image based on the container disabling compres‐
134       sion.
135        buildah commit --disable-compression containerID
136
137
138       This example saves an image named newImageName based on  the  container
139       disabling compression.
140        buildah commit --disable-compression containerID newImageName
141
142
143       This  example  commits the container to the image on the local registry
144       while turning off tls verification.
145        buildah   commit   --tls-verify=false   containerID    docker://local‐
146       host:5000/imageId
147
148
149       This  example  commits the container to the image on the local registry
150       using credentials and certificates for authentication.
151        buildah commit  --cert-dir    /auth   --tls-verify=true  --creds=user‐
152       name:password containerID docker://localhost:5000/imageId
153
154
155       This  example  commits the container to the image on the local registry
156       using credentials from the /tmp/auths/myauths.json  file  and  certifi‐
157       cates for authentication.
158        buildah  commit  --authfile  /tmp/auths/myauths.json --cert-dir  /auth
159       --tls-verify=true --creds=username:password containerID docker://local‐
160       host:5000/imageName
161
162

ENVIRONMENT

164       BUILD_REGISTRY_SOURCES
165
166
167       BUILD_REGISTRY_SOURCES,  if set, is treated as a JSON object which con‐
168       tains lists  of  registry  names  under  the  keys  insecureRegistries,
169       blockedRegistries, and allowedRegistries.
170
171
172       When  committing an image, if the image is to be given a name, the por‐
173       tion of the name that corresponds to a  registry  is  compared  to  the
174       items in the blockedRegistries list, and if it matches any of them, the
175       commit attempt is denied.  If there are registries in  the  allowedReg‐
176       istries  list, and the portion of the name that corresponds to the reg‐
177       istry is not in the list, the commit attempt is denied.
178
179
180       TMPDIR The TMPDIR environment variable allows the user to specify where
181       temporary  files are stored while pulling and pushing images.  Defaults
182       to '/var/tmp'.
183
184

FILES

186       registries.conf (/etc/containers/registries.conf)
187
188
189       registries.conf is the configuration file which  specifies  which  con‐
190       tainer registries should be consulted when completing image names which
191       do not include a registry or domain portion.
192
193
194       policy.json (/etc/containers/policy.json)
195
196
197       Signature policy file.  This defines the  trust  policy  for  container
198       images.  Controls which container registries can be used for image, and
199       whether or not the tool should trust the images.
200
201

SEE ALSO

203       buildah(1), containers-policy.json(5), containers-registries.conf(5)
204
205
206
207buildah                           March 2017                 buildah-commit(1)
Impressum