1SKOPEO(1)(Skopeo) SKOPEO(1)(Skopeo)
2
3
4
5Jhon Honce August 2016
6
8 skopeo -- Command line utility used to interact with local and remote
9 container images and container image registries
10
11
13 skopeo [global options] command [command options]
14
15
17 skopeo is a command line utility providing various operations with con‐
18 tainer images and container image registries.
19
20
21 skopeo can copy container images between various containers image
22 stores, converting them as necessary. For example you can use skopeo
23 to copy container images from one container registry to another.
24
25
26 skopeo can convert a Docker schema 2 or schema 1 container image to an
27 OCI image.
28
29
30 skopeo can inspect a repository on a container registry without need‐
31 lessly pulling the image. Pulling an image from a repository, espe‐
32 cially a remote repository, is an expensive network and storage opera‐
33 tion. Skopeo fetches the repository's manifest and displays a docker
34 inspect-like json output about the repository or a tag. skopeo, in con‐
35 trast to docker inspect, helps you gather useful information about a
36 repository or a tag without requiring you to run docker pull - e.g. -
37 Which tags are available for the given repository? Which labels does
38 the image have?
39
40
41 skopeo can sign and verify container images.
42
43
44 skopeo can delete container images from a remote container registry.
45
46
47 Note: skopeo does not require any container runtimes to be running, to
48 do most of its functionality. It also does not require root, unless
49 you are copying images into a container runtime storage backend, like
50 the docker daemon or github.com/containers/storage.
51
52
54 Most commands refer to container images, using a transport:details for‐
55 mat. The following formats are supported:
56
57
58 containers-storage:docker-reference
59 An image located in a local containers/storage image store. Location
60 and image store specified in /etc/containers/storage.conf
61
62
63 dir:path
64 An existing local directory path storing the manifest, layer tarballs
65 and signatures as individual files. This is a non-standardized format,
66 primarily useful for debugging or noninvasive container inspection.
67
68
69 docker://docker-reference
70 An image in a registry implementing the "Docker Registry HTTP API
71 V2". By default, uses the authorization state in either $XDG_RUN‐
72 TIME_DIR/containers/auth.json, which is set using (podman login). If
73 the authorization state is not found there, $HOME/.docker/config.json
74 is checked, which is set using (docker login).
75
76
77 docker-archive:path[:docker-reference]
78 An image is stored in the docker save formatted file. docker-refer‐
79 ence is only used when creating such a file, and it must not contain a
80 digest.
81
82
83 docker-daemon:docker-reference
84 An image docker-reference stored in the docker daemon internal stor‐
85 age. docker-reference must contain either a tag or a digest. Alterna‐
86 tively, when reading images, the format can be docker-dae‐
87 mon:algo:digest (an image ID).
88
89
90 oci:path:tag
91 An image tag in a directory compliant with "Open Container Image Lay‐
92 out Specification" at path.
93
94
96 --command-timeout duration Timeout for the command execution.
97
98
99 --debug enable debug output
100
101
102 --help|-h Show help
103
104
105 --insecure-policy Adopt an insecure, permissive policy that allows any‐
106 thing. This obviates the need for a policy file.
107
108
109 --override-arch arch Use arch instead of the architecture of the
110 machine for choosing images.
111
112
113 --override-os OS Use OS instead of the running OS for choosing images.
114
115
116 --override-variant VARIANT Use VARIANT instead of the running architec‐
117 ture variant for choosing images.
118
119
120 --policy path-to-policy Path to a policy.json file to use for verifying
121 signatures and deciding whether an image is trusted, overriding the
122 default trust policy file.
123
124
125 --registries.d dir use registry configuration files in dir (e.g. for
126 container signature storage), overriding the default path.
127
128
129 --tmpdir dir used to store temporary files. Defaults to /var/tmp.
130
131
132 --version|-v print the version number
133
134
136 ┌────────────────────────────┬───────────────────────────────┐
137 │Command │ Description │
138 ├────────────────────────────┼───────────────────────────────┤
139 │skopeo-copy(1) │ Copy an image (manifest, │
140 │ │ filesystem layers, signa‐ │
141 │ │ tures) from one location to │
142 │ │ another. │
143 ├────────────────────────────┼───────────────────────────────┤
144 │skopeo-delete(1) │ Mark image-name for deletion. │
145 ├────────────────────────────┼───────────────────────────────┤
146 │skopeo-inspect(1) │ Return low-level information │
147 │ │ about image-name in a reg‐ │
148 │ │ istry. │
149 ├────────────────────────────┼───────────────────────────────┤
150 │skopeo-list-tags(1) │ List the tags for the given │
151 │ │ transport/repository. │
152 ├────────────────────────────┼───────────────────────────────┤
153 │skopeo-manifest-digest(1) │ Compute a manifest digest of │
154 │ │ manifest-file and write it to │
155 │ │ standard output. │
156 ├────────────────────────────┼───────────────────────────────┤
157 │skopeo-standalone-sign(1) │ Sign an image. │
158 ├────────────────────────────┼───────────────────────────────┤
159 │skopeo-standalone-verify(1) │ Verify an image. │
160 ├────────────────────────────┼───────────────────────────────┤
161 │skopeo-sync(1) │ Copy images from one or more │
162 │ │ repositories to a user speci‐ │
163 │ │ fied destination. │
164 └────────────────────────────┴───────────────────────────────┘
165
167 /etc/containers/policy.json
168 Default trust policy file, if --policy is not specified.
169 The policy format is documented in https://github.com/contain‐
170 ers/image/blob/master/docs/containers-policy.json.5.md .
171
172
173 /etc/containers/registries.d
174 Default directory containing registry configuration, if --reg‐
175 istries.d is not specified.
176 The contents of this directory are documented in
177 https://github.com/containers/image/blob/master/docs/containers-pol‐
178 icy.json.5.md .
179
180
182 podman-login(1), docker-login(1)
183
184
186 Antonio Murdaca runcom@redhat.com ⟨mailto:runcom@redhat.com⟩, Miloslav
187 Trmac mitr@redhat.com ⟨mailto:mitr@redhat.com⟩, Jhon Honce jhonce@red‐
188 hat.com ⟨mailto:jhonce@redhat.com⟩
189
190
191
192Pages Man SKOPEO(1)(Skopeo)