1podman-manifest-push(1) General Commands Manual podman-manifest-push(1)
2
6 podman-manifest-push - Push a manifest list or image index to a reg‐
7 istry
8
11 podman manifest push [options] listnameorindexname [destination]
12
15 Pushes a manifest list or image index to a registry.
16
19 The list image's ID and the digest of the image's manifest.
20
23 --add-compression=compression
24 Makes sure that requested compression variant for each platform is
25 added to the manifest list keeping original instance intact in the same
26 manifest list. Supported values are (gzip, zstd and zstd:chunked). Fol‐
27 lowing flag can be used multiple times.
28 Note that --compression-format controls the compression format of each
31 instance in the manifest list. --add-compression will add another vari‐
32 ant for each instance in the list with the specified compressions.
33 --compression-format gzip --add-compression zstd will push a manifest
34 list with each instance being compressed with gzip plus an additional
35 variant of each instance being compressed with zstd.
36 --all
39 Push the images mentioned in the manifest list or image index, in addi‐
40 tion to the list or index itself. (Default true)
41 --authfile=path
44 Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/contain‐
45 ers/auth.json on Linux, and $HOME/.config/containers/auth.json on Win‐
46 dows/macOS. The file is created by podman login. If the authorization
47 state is not found there, $HOME/.docker/config.json is checked, which
48 is set using docker login.
49 Note: There is also the option to override the default path of the au‐
52 thentication file by setting the REGISTRY_AUTH_FILE environment vari‐
53 able. This can be done with export REGISTRY_AUTH_FILE=path.
54 --cert-dir=path
57 Use certificates at path (*.crt, *.cert, *.key) to connect to the reg‐
58 istry. (Default: /etc/containers/certs.d) For details, see containers-
59 certs.d(5). (This option is not available with the remote Podman
60 client, including Mac and Windows (excluding WSL2) machines)
61 --compression-format=gzip | zstd | zstd:chunked
64 Specifies the compression format to use. Supported values are: gzip,
65 zstd and zstd:chunked. The default is gzip unless overridden in the
66 containers.conf file.
67 --compression-level=level
70 Specifies the compression level to use. The value is specific to the
71 compression algorithm used, e.g. for zstd the accepted values are in
72 the range 1-20 (inclusive) with a default of 3, while for gzip it is
73 1-9 (inclusive) and has a default of 5.
74 --creds=[username[:password]]
77 The [username[:password]] to use to authenticate with the registry, if
78 required. If one or both values are not supplied, a command line
79 prompt appears and the value can be entered. The password is entered
80 without echo.
81 Note that the specified credentials are only used to authenticate
84 against target registries. They are not used for mirrors or when the
85 registry gets rewritten (see containers-registries.conf(5)); to authen‐
86 ticate against those consider using a containers-auth.json(5) file.
87 --digestfile=Digestfile
90 After copying the image, write the digest of the resulting image to the
91 file.
92 --force-compression
95 If set, push uses the specified compression algorithm even if the des‐
96 tination contains a differently-compressed variant already. Defaults
97 to true if --compression-format is explicitly specified on the command-
98 line, false otherwise.
99 --format, -f=format
102 Manifest list type (oci or v2s2) to use when pushing the list (default
103 is oci).
104 --quiet, -q
107 When writing the manifest, suppress progress output
108 --remove-signatures
111 Don't copy signatures when pushing images.
112 --rm
115 Delete the manifest list or image index from local storage if pushing
116 succeeds.
117 --sign-by=fingerprint
120 Sign the pushed images with a “simple signing” signature using the
121 specified key. (This option is not available with the remote Podman
122 client, including Mac and Windows (excluding WSL2) machines)
123 --sign-by-sigstore=*param-file***
126 Add a sigstore signature based on further options specified in a con‐
127 tainer's sigstore signing parameter file param-file. See containers-
128 sigstore-signing-params.yaml(5) for details about the file format.
129 --sign-by-sigstore-private-key=path
132 Sign the pushed images with a sigstore signature using a private key at
133 the specified path. (This option is not available with the remote Pod‐
134 man client, including Mac and Windows (excluding WSL2) machines)
135 --sign-passphrase-file=path
138 If signing the image (using either --sign-by or --sign-by-sigstore-pri‐
139 vate-key), read the passphrase to use from the specified path.
140 --tls-verify
143 Require HTTPS and verify certificates when contacting registries (de‐
144 fault: true). If explicitly set to true, TLS verification is used. If
145 set to false, TLS verification is not used. If not specified, TLS ver‐
146 ification is used unless the target registry is listed as an insecure
147 registry in containers-registries.conf(5)
148
151 DESTINATION is the location the container image is pushed to. It sup‐
152 ports all transports from containers-transports(5). If no transport is
153 specified, the docker (i.e., container registry) transport is used.
154 For remote clients, including Mac and Windows (excluding WSL2) ma‐
155 chines, docker is the only supported transport.
156
159 podman manifest push mylist:v1.11 docker://registry.example.org/mylist:v1.11
160
164 podman(1), podman-manifest(1), containers-transports(5)
165 podman-manifest-push(1)