1SKOPEO(1)(Skopeo) SKOPEO(1)(Skopeo)
2Jhon Honce August 2016
6
8 skopeo -- Command line utility used to interact with local and remote
9 container images and container image registries
10
13 skopeo [global options] command [command options]
14
17 skopeo is a command line utility providing various operations with con‐
18 tainer images and container image registries.
19 skopeo can copy container images between various containers image
22 stores, converting them as necessary. For example you can use skopeo
23 to copy container images from one container registry to another.
24 skopeo can convert a Docker schema 2 or schema 1 container image to an
27 OCI image.
28 skopeo can inspect a repository on a container registry without need‐
31 lessly pulling the image. Pulling an image from a repository, espe‐
32 cially a remote repository, is an expensive network and storage opera‐
33 tion. Skopeo fetches the repository's manifest and displays a docker
34 inspect-like json output about the repository or a tag. skopeo, in con‐
35 trast to docker inspect, helps you gather useful information about a
36 repository or a tag without requiring you to run docker pull - e.g. -
37 Which tags are available for the given repository? Which labels does
38 the image have?
39 skopeo can sign and verify container images.
42 skopeo can delete container images from a remote container registry.
45 Note: skopeo does not require any container runtimes to be running, to
48 do most of its functionality. It also does not require root, unless
49 you are copying images into a container runtime storage backend, like
50 the docker daemon or github.com/containers/storage.
51
54 Most commands refer to container images, using a transport:details for‐
55 mat. The following formats are supported:
56 containers-storage:docker-reference
59 An image located in a local containers/storage image store. Both the
60 location and image store are specified in /etc/containers/storage.conf.
61 (Backend for Podman, CRI-O, Buildah and friends)
62 dir:path
65 An existing local directory path storing the manifest, layer tarballs
66 and signatures as individual files. This is a non-standardized format,
67 primarily useful for debugging or noninvasive container inspection.
68 docker://docker-reference
71 An image in a registry implementing the "Docker Registry HTTP API
72 V2". By default, uses the authorization state in either $XDG_RUN‐
73 TIME_DIR/containers/auth.json, which is set using (skopeo login). If
74 the authorization state is not found there, $HOME/.docker/config.json
75 is checked, which is set using (docker login).
76 docker-archive:path[:docker-reference]
79 An image is stored in the docker save formatted file. docker-refer‐
80 ence is only used when creating such a file, and it must not contain a
81 digest.
82 docker-daemon:docker-reference
85 An image docker-reference stored in the docker daemon internal stor‐
86 age. docker-reference must contain either a tag or a digest. Alterna‐
87 tively, when reading images, the format can be docker-daemon:algo:di‐
88 gest (an image ID).
89 oci:path:tag
92 An image tag in a directory compliant with "Open Container Image Lay‐
93 out Specification" at path.
94 oci-archive:path:tag
97 An image tag in a tar archive compliant with "Open Container Image
98 Layout Specification" at path.
99 See containers-transports(5) ⟨https://github.com/containers/im‐
102 age/blob/main/docs/containers-transports.5.md⟩ for details.
103
106 These options should be placed before the subcommand name. Individual
107 subcommands have their own options.
108 --command-timeout duration
111 Timeout for the command execution.
114 --debug
117 enable debug output
120 --help, -h
123 Show help
126 --insecure-policy
129 Adopt an insecure, permissive policy that allows anything. This obvi‐
132 ates the need for a policy file.
133 --override-arch arch
136 Use arch instead of the architecture of the machine for choosing im‐
139 ages.
140 --override-os os
143 Use OS instead of the running OS for choosing images.
146 --override-variant variant
149 Use variant instead of the running architecture variant for choosing
152 images.
153 --policy path-to-policy
156 Path to a policy.json file to use for verifying signatures and deciding
159 whether an image is trusted, overriding the default trust policy file.
160 --registries.d dir
163 Use registry configuration files in dir (e.g. for container signature
166 storage), overriding the default path.
167 --tmpdir dir
170 Directory used to store temporary files. Defaults to /var/tmp.
173 --version, -v
176 Print the version number
179
182 ┌────────────────────────────┬─────────────────────────────────────────────────────────────────────────────┐
183 │Command │ Description │
184 ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
185 │skopeo-copy(1) │ Copy an image (manifest, filesystem layers, signatures) from one location │
186 │ │ to another. │
187 ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
188 │skopeo-delete(1) │ Mark the image-name for later deletion by the registry's garbage collector. │
189 ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
190 │skopeo-generate-sigstore- │ │
191 │key(1) │ │
192 ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
193 │ │ Generate a sigstore public/private key pair. │
194 ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
195 │skopeo-inspect(1) │ Return low-level information about image-name in a registry. │
196 ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
197 │skopeo-list-tags(1) │ List image names in a transport-specific collection of images. │
198 ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
199 │skopeo-login(1) │ Login to a container registry. │
200 ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
201 │skopeo-logout(1) │ Logout of a container registry. │
202 ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
203 │skopeo-manifest-digest(1) │ Compute a manifest digest for a manifest-file and write it to standard out‐ │
204 │ │ put. │
205 ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
206 │skopeo-standalone-sign(1) │ Debugging tool - Publish and sign an image in one step. │
207 ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
208 │skopeo-standalone-verify(1) │ Verify an image signature. │
209 ├────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
210 │skopeo-sync(1) │ Synchronize images between registry repositories and local directories. │
211 └────────────────────────────┴─────────────────────────────────────────────────────────────────────────────┘
212
214 /etc/containers/policy.json
215 Default trust policy file, if --policy is not specified.
216 The policy format is documented in containers-policy.json(5)
217 ⟨https://github.com/containers/image/blob/main/docs/containers-pol‐
218 icy.json.5.md⟩ .
219 /etc/containers/registries.d
222 Default directory containing registry configuration, if --reg‐
223 istries.d is not specified.
224 The contents of this directory are documented in containers-reg‐
225 istries.d(5) ⟨https://github.com/containers/image/blob/main/docs/con‐
226 tainers-registries.d.5.md⟩.
227
230 skopeo-login(1), docker-login(1), containers-auth.json(5), containers-
231 storage.conf(5), containers-policy.json(5), containers-transports(5)
232
235 Antonio Murdaca runcom@redhat.com ⟨mailto:runcom@redhat.com⟩, Miloslav
236 Trmac mitr@redhat.com ⟨mailto:mitr@redhat.com⟩, Jhon Honce jhonce@red‐
237 hat.com ⟨mailto:jhonce@redhat.com⟩
238Pages Man SKOPEO(1)(Skopeo)