1buildah-push(1)             General Commands Manual            buildah-push(1)
2
3
4

NAME

6       buildah-push  -  Push an image, manifest list or image index from local
7       storage to elsewhere.
8
9

SYNOPSIS

11       buildah push [options] image [destination]
12
13

DESCRIPTION

15       Pushes an image from local storage to a specified  destination,  decom‐
16       pressing and recompessing layers as needed.
17
18

imageID

20       Image stored in local container/storage
21
22

DESTINATION

24       DESTINATION  is  the location the container image is pushed to. It sup‐
25       ports all transports from containers-transports(5)  (see  examples  be‐
26       low).  If  no  transport is specified, the docker (i.e., container reg‐
27       istry) transport is used.
28
29

OPTIONS

31       --all
32
33
34       If specified image is a manifest list or image index, push  the  images
35       in addition to the list or index itself.
36
37
38       --authfile path
39
40
41       Path  of  the  authentication file. Default is ${XDG_\RUNTIME_DIR}/con‐
42       tainers/auth.json. If  XDG_RUNTIME_DIR  is  not  set,  the  default  is
43       /run/containers/$UID/auth.json.  This file is created using buildah lo‐
44       gin.
45
46
47       If the authorization  state  is  not  found  there,  $HOME/.docker/con‐
48       fig.json is checked, which is set using docker login.
49
50
51       Note: You can also override the default path of the authentication file
52       by setting the REGISTRY_AUTH_FILE  environment  variable.  export  REG‐
53       ISTRY_AUTH_FILE=path
54
55
56       --cert-dir path
57
58
59       Use  certificates at path (*.crt, *.cert, *.key) to connect to the reg‐
60       istry.  The default certificates directory is /etc/containers/certs.d.
61
62
63       --compression-format format
64
65
66       Specifies the compression format to use.  Supported values  are:  gzip,
67       zstd and zstd:chunked.
68
69
70       --compression-level level
71
72
73       Specify the compression level used with the compression.
74
75
76       Specifies  the  compression level to use.  The value is specific to the
77       compression algorithm used, e.g. for zstd the accepted  values  are  in
78       the range 1-20 (inclusive), while for gzip it is 1-9 (inclusive).
79
80
81       --creds creds
82
83
84       The  [username[:password]]  to use to authenticate with the registry if
85       required.  If one or both values  are  not  supplied,  a  command  line
86       prompt  will  appear and the value can be entered.  The password is en‐
87       tered without echo.
88
89
90       --digestfile Digestfile
91
92
93       After copying the image, write the digest of the resulting image to the
94       file.
95
96
97       --disable-compression, -D
98
99
100       Don't compress copies of filesystem layers which will be pushed.
101
102
103       --encrypt-layer layer(s)
104
105
106       Layer(s)  to encrypt: 0-indexed layer indices with support for negative
107       indexing (e.g. 0 is the first layer, -1 is the last layer). If not  de‐
108       fined, will encrypt all layers if encryption-key flag is specified.
109
110
111       --encryption-key key
112
113
114       The  [protocol:keyfile] specifies the encryption protocol, which can be
115       JWE (RFC7516), PGP (RFC4880), and PKCS7 (RFC2315) and the key  material
116       required  for  image  encryption. For instance, jwe:/path/to/key.pem or
117       pgp:admin@example.com or pkcs7:/path/to/x509-file.
118
119
120       --format, -f
121
122
123       Manifest Type (oci, v2s2, or v2s1) to use when pushing an  image.  (de‐
124       fault is manifest type of the source image, with fallbacks)
125
126
127       --quiet, -q
128
129
130       When writing the output image, suppress progress output.
131
132
133       --remove-signatures
134
135
136       Don't copy signatures when pushing images.
137
138
139       --rm
140
141
142       When  pushing  a  manifest  list or image index, delete them from local
143       storage if pushing succeeds.
144
145
146       --sign-by fingerprint
147
148
149       Sign the pushed image using the GPG key that matches the specified fin‐
150       gerprint.
151
152
153       --tls-verify bool-value
154
155
156       Require  HTTPS  and  verification  of certificates when talking to con‐
157       tainer registries (defaults to true).  TLS verification cannot be  used
158       when talking to an insecure registry.
159
160

EXAMPLE

162       This  example  pushes the image specified by the imageID to a local di‐
163       rectory in docker format.
164
165
166       # buildah push imageID dir:/path/to/image
167
168
169       This example pushes the image specified by the imageID to a  local  di‐
170       rectory in oci format.
171
172
173       # buildah push imageID oci:/path/to/layout:image:tag
174
175
176       This example pushes the image specified by the imageID to a tar archive
177       in oci format.
178
179
180       # buildah push imageID oci-archive:/path/to/archive:image:tag
181
182
183       This example pushes the image specified by the imageID to  a  container
184       registry named registry.example.com.
185
186
187       # buildah push imageID docker://registry.example.com/repository:tag
188
189
190       This  example  pushes the image specified by the imageID to a container
191       registry named registry.example.com and saves the digest in the  speci‐
192       fied digestfile.
193
194
195       # buildah push --digestfile=/tmp/mydigest imageID docker://registry.ex‐
196       ample.com/repository:tag
197
198
199       This  example  works  like   docker   push,   assuming   registry.exam‐
200       ple.com/my_image is a local image.
201
202
203       # buildah push registry.example.com/my_image
204
205
206       This  example  pushes  the  image specified by the imageID to a private
207       container registry named registry.example.com with authentication  from
208       /tmp/auths/myauths.json.
209
210
211       # buildah push --authfile /tmp/auths/myauths.json imageID docker://reg‐
212       istry.example.com/repository:tag
213
214
215       This example pushes the image specified by the imageID and puts it into
216       the local docker container store.
217
218
219       # buildah push imageID docker-daemon:image:tag
220
221
222       This example pushes the image specified by the imageID and puts it into
223       the registry on the localhost while turning off tls verification.
224        # buildah push --tls-verify=false imageID localhost:5000/my-imageID
225
226
227       This example pushes the image specified by the imageID and puts it into
228       the  registry  on  the localhost using credentials and certificates for
229       authentication.
230        #  buildah  push  --cert-dir  ~/auth  --tls-verify=true  --creds=user‐
231       name:password imageID localhost:5000/my-imageID
232
233

ENVIRONMENT

235       BUILD_REGISTRY_SOURCES
236
237
238       BUILD_REGISTRY_SOURCES,  if set, is treated as a JSON object which con‐
239       tains lists  of  registry  names  under  the  keys  insecureRegistries,
240       blockedRegistries, and allowedRegistries.
241
242
243       When  pushing an image to a registry, if the portion of the destination
244       image name that corresponds to a registry is compared to the  items  in
245       the blockedRegistries list, and if it matches any of them, the push at‐
246       tempt is denied.  If there  are  registries  in  the  allowedRegistries
247       list,  and  the portion of the name that corresponds to the registry is
248       not in the list, the push attempt is denied.
249
250
251       TMPDIR The TMPDIR environment variable allows the user to specify where
252       temporary  files are stored while pulling and pushing images.  Defaults
253       to '/var/tmp'.
254
255

FILES

257       registries.conf (/etc/containers/registries.conf)
258
259
260       registries.conf is the configuration file which  specifies  which  con‐
261       tainer registries should be consulted when completing image names which
262       do not include a registry or domain portion.
263
264
265       policy.json (/etc/containers/policy.json)
266
267
268       Signature policy file.  This defines the trust policy for container im‐
269       ages.   Controls  which container registries can be used for image, and
270       whether or not the tool should trust the images.
271
272

SEE ALSO

274       buildah(1),  buildah-login(1),  containers-policy.json(5),   docker-lo‐
275       gin(1), containers-registries.conf(5), buildah-manifest(1)
276
277
278
279buildah                            June 2017                   buildah-push(1)
Impressum