1podman-pull(1)() podman-pull(1)()
2
6 podman-pull - Pull an image from a registry
7
10 podman pull [options] source [source...]
11 podman image pull [options] source [source...]
14 podman pull [options] [transport]name[:tag|@digest]
17 podman image pull [options] [transport]name[:tag|@digest]
20
23 podman pull copies an image from a registry onto the local machine. The
24 command can pull one or more images. If the image reference in the
25 command line argument does not contain a registry, it is referred to as
26 ashort-name reference. If the image is a 'short-name' reference, Podman
27 will prompt the user for the specific container registry to pull the
28 image from, if an alias for the short-name has not been specified in
29 the short-name-aliases.conf. If an image tag is not specified, podman
30 pull defaults to the image with the latest tag (if it exists) and pulls
31 it. After the image is pulled, podman will print the full image ID.
32 podman pull can also pull images using a digest podman pull image@di‐
33 gest and can also be used to pull images from archives and local stor‐
34 age using different transports. IMPORTANT: Images are stored in local
35 image storage.
36
39 SOURCE is the location from the container image is pulled from. It sup‐
40 ports all transports from containers-transports(5). If no transport is
41 specified, the input is subject to short-name resolution and the docker
42 (i.e., container registry) transport is used. For remote clients,
43 docker is the only supported transport.
44 # Pull from a container registry
47 $ podman pull quay.io/username/myimage
48 # Pull from a container registry with short-name resolution
50 $ podman pull fedora
51 # Pull from a container registry via the docker transport
53 $ podman pull docker://quay.io/username/myimage
54 # Pull from a local directory
56 $ podman pull dir:/tmp/myimage
57 # Pull from a tarball in the docker-archive format
59 $ podman pull docker-archive:/tmp/myimage
60 # Pull from a local docker daemon
62 $ sudo podman pull docker-daemon:docker.io/library/myimage:33
63 # Pull from a tarball in the OCI-archive format
65 $ podman pull oci-archive:/tmp/myimage
66
70 --all-tags
71 All tagged images in the repository will be pulled.
72 *IMPORTANT: When using the all-tags flag, Podman will not iterate over
75 the search registries in the containers-registries.conf(5) but will al‐
76 ways use docker.io for unqualified image names.*
77 --arch=ARCH
80 Override the architecture, defaults to hosts, of the image to be
81 pulled. For example, arm.
82 --authfile=path
85 Path of the authentication file. If the authorization state is not
86 found there, $HOME/.docker/config.json is checked, which is set using
87 docker login.
88 Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set us‐
91 ing podman login.
92 IMPORTANT: The default path of the authentication file can be overwrit‐
95 ten by setting the REGISTRY\_AUTH\_FILE environment variable. export
96 REGISTRY_AUTH_FILE=path
97 --cert-dir=path
100 Use certificates at path (*.crt, *.cert, *.key) to connect to the reg‐
101 istry. Please refer to containers-certs.d(5) for details. (This option
102 is not available with the remote Podman client)
103 --creds=[username[:password]]
106 The [username[:password]] to use to authenticate with the registry if
107 required. If one or both values are not supplied, a command line
108 prompt will appear and the value can be entered. The password is en‐
109 tered without echo.
110 --disable-content-trust
113 This is a Docker specific option to disable image verification to a
114 Docker registry and is not supported by Podman. This flag is a NOOP
115 and provided solely for scripting compatibility.
116 --help, -h
119 Print the usage statement.
120 --os=OS
123 Override the OS, defaults to hosts, of the image to be pulled. For ex‐
124 ample, windows.
125 --platform=OS/ARCH
128 Specify the platform for selecting the image. The --platform option can
129 be used to override the current architecture and operating system.
130 IMPORTANT: Conflicts with --arch and --os
133 --quiet, -q
136 Suppress output information when pulling images
137 --tls-verify=true|false
140 Require HTTPS and verify certificates when contacting registries (de‐
141 fault: true). If explicitly set to true, then TLS verification will be
142 used. If set to false, then TLS verification will not be used. If not
143 specified, TLS verification will be used unless the target registry is
144 listed as an insecure registry in registries.conf.
145 --variant=VARIANT
148 Use VARIANT instead of the default architecture variant of the con‐
149 tainer image. Some images can use multiple variants of the arm archi‐
150 tectures, such as arm/v5 and arm/v7.
151
154 short-name-aliases.conf (/var/cache/containers/short-name-aliases.conf,
155 $HOME/.cache/containers/short-name-aliases.conf)
156 When users specify images that do not include the container registry
159 where the image is stored, this is called a short name. The use of un‐
160 qualified-search registries entails an ambiguity as it is unclear from
161 which registry a given image, referenced by a short name, may be pulled
162 from.
163 Using short names is subject to the risk of hitting squatted registry
166 namespaces. If the unqualified-search registries are set to ["public-
167 registry.com", "my-private-registry.com"] an attacker may take over a
168 namespace of public-registry.com such that an image may be pulled from
169 public-registry.com instead of the intended source my-private-reg‐
170 istry.com.
171 While it is highly recommended to always use fully-qualified image ref‐
174 erences, existing deployments using short names may not be easily
175 changed. To circumvent the aforementioned ambiguity, so called short-
176 name aliases can be configured that point to a fully-qualified image
177 reference. Distributions often ship a default shortnames.conf expansion
178 file in /etc/containers/registries.conf.d/ directory. Administrators
179 can use this directory to add their own local short-name expansion
180 files.
181 When pulling an image, if the user does not specify the complete reg‐
184 istry, container engines attempt to expand the short-name into a full
185 name. If the command is executed with a tty, the user will be prompted
186 to select a registry from the default list unqualified registries de‐
187 fined in registries.conf. The user's selection is then stored in a
188 cache file to be used in all future short-name expansions. Rootfull
189 short-names are stored in /var/cache/containers/short-name-
190 aliases.conf. Rootless short-names are stored in the $HOME/.cache/con‐
191 tainers/short-name-aliases.conf file.
192 For more information on short-names, see containers-registries.conf(5)
195 registries.conf (/etc/containers/registries.conf)
198 registries.conf is the configuration file which specifies which con‐
201 tainer registries should be consulted when completing image names which
202 do not include a registry or domain portion.
203 NOTE: Use the environment variable TMPDIR to change the temporary stor‐
206 age location of downloaded container images. Podman defaults to use
207 /var/tmp.
208
211 Pull a single image with short name resolution.
212 $ podman pull alpine:latest
215 Resolved "alpine" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
216 Trying to pull docker.io/library/alpine:latest...
217 Getting image source signatures
218 Copying blob 5843afab3874 done
219 Copying config d4ff818577 done
220 Writing manifest to image destination
221 Storing signatures
222 d4ff818577bc193b309b355b02ebc9220427090057b54a59e73b79bdfe139b83
223 Pull multiple images with/without short name resolution.
227 podman pull busybox:musl alpine quay.io/libpod/cirros
230 Trying to pull docker.io/library/busybox:musl...
231 Getting image source signatures
232 Copying blob 0c52b060233b [--------------------------------------] 0.0b / 0.0b
233 Copying config 9ad2c435a8 done
234 Writing manifest to image destination
235 Storing signatures
236 9ad2c435a887e3f723654e09b48563de44aa3c7950246b2e9305ec85dd3422db
237 Trying to pull docker.io/library/alpine:latest...
238 Getting image source signatures
239 Copying blob 5843afab3874 [--------------------------------------] 0.0b / 0.0b
240 Copying config d4ff818577 done
241 Writing manifest to image destination
242 Storing signatures
243 d4ff818577bc193b309b355b02ebc9220427090057b54a59e73b79bdfe139b83
244 Trying to pull quay.io/libpod/cirros:latest...
245 Getting image source signatures
246 Copying blob 8da581cc9286 done
247 Copying blob 856628d95d17 done
248 Copying blob f513001ba4ab done
249 Copying config 3c82e4d066 done
250 Writing manifest to image destination
251 Storing signatures
252 3c82e4d066cf6f9e50efaead6e3ff7fddddf5527826afd68e5a969579fc4db4a
253 Pull an image using its digest.
257 $ podman pull alpine@sha256:d7342993700f8cd7aba8496c2d0e57be0666e80b4c441925fc6f9361fa81d10e
260 Trying to pull docker.io/library/alpine@sha256:d7342993700f8cd7aba8496c2d0e57be0666e80b4c441925fc6f9361fa81d10e...
261 Getting image source signatures
262 Copying blob 188c0c94c7c5 done
263 Copying config d6e46aa247 done
264 Writing manifest to image destination
265 Storing signatures
266 d6e46aa2470df1d32034c6707c8041158b652f38d2a9ae3d7ad7e7532d22ebe0
267 Pull an image by specifying an authentication file.
271 $ podman pull --authfile temp-auths/myauths.json docker://docker.io/umohnani/finaltest
274 Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures
275 Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913
276 1.90 MB / 1.90 MB [========================================================] 0s
277 Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
278 1.41 KB / 1.41 KB [========================================================] 0s
279 Writing manifest to image destination
280 Storing signatures
281 03290064078cb797f3e0a530e78c20c13dd22a3dd3adf84a5da2127b48df0438
282 Pull an image by authenticating to a registry.
286 $ podman pull --creds testuser:testpassword docker.io/umohnani/finaltest
289 Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures
290 Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913
291 1.90 MB / 1.90 MB [========================================================] 0s
292 Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
293 1.41 KB / 1.41 KB [========================================================] 0s
294 Writing manifest to image destination
295 Storing signatures
296 03290064078cb797f3e0a530e78c20c13dd22a3dd3adf84a5da2127b48df0438
297 Pull an image using tls verification.
301 $ podman pull --tls-verify=false --cert-dir image/certs docker.io/umohnani/finaltest
304 Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures
305 Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913
306 1.90 MB / 1.90 MB [========================================================] 0s
307 Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156
308 1.41 KB / 1.41 KB [========================================================] 0s
309 Writing manifest to image destination
310 Storing signatures
311 03290064078cb797f3e0a530e78c20c13dd22a3dd3adf84a5da2127b48df0438
312 Pull an image by overriding the host architecture.
316 $ podman pull --arch=arm arm32v7/debian:stretch
319 Trying to pull docker.io/arm32v7/debian:stretch...
320 Getting image source signatures
321 Copying blob b531ae4a3925 done
322 Copying config 3cba58dad5 done
323 Writing manifest to image destination
324 Storing signatures
325 3cba58dad5d9b35e755b48b634acb3fdd185ab1c996ac11510cc72c17780e13c
326
330 podman(1), podman-push(1), podman-login(1), containers-certs.d(5), con‐
331 tainers-registries.conf(5), containers-transports(5)
332
335 July 2017, Originally compiled by Urvashi Mohnani umohnani@redhat.com
336 ⟨mailto:umohnani@redhat.com⟩
337 podman-pull(1)()