.nh .TH SKOPEO(1) Skopeo Man Pages Jhon Honce August 2016 .SH NAME .PP skopeo \-\- Command line utility used to interact with local and remote container images and container image registries .SH SYNOPSIS .PP \fBskopeo\fP [\fIglobal options\fP] \fIcommand\fP [\fIcommand options\fP] .SH DESCRIPTION .PP \fB\fCskopeo\fR is a command line utility providing various operations with container images and container image registries. .PP \fB\fCskopeo\fR can copy container images between various containers image stores, converting them as necessary. For example you can use \fB\fCskopeo\fR to copy container images from one container registry to another. .PP \fB\fCskopeo\fR can convert a Docker schema 2 or schema 1 container image to an OCI image. .PP \fB\fCskopeo\fR can inspect a repository on a container registry without needlessly pulling the image. Pulling an image from a repository, especially a remote repository, is an expensive network and storage operation. Skopeo fetches the repository's manifest and displays a \fB\fCdocker inspect\fR\-like json output about the repository or a tag. \fB\fCskopeo\fR, in contrast to \fB\fCdocker inspect\fR, helps you gather useful information about a repository or a tag without requiring you to run \fB\fCdocker pull\fR \- e.g. \- Which tags are available for the given repository? Which labels does the image have? .PP \fB\fCskopeo\fR can sign and verify container images. .PP \fB\fCskopeo\fR can delete container images from a remote container registry. .PP Note: \fB\fCskopeo\fR does not require any container runtimes to be running, to do most of its functionality. It also does not require root, unless you are copying images into a container runtime storage backend, like the docker daemon or github.com/containers/storage. .SH IMAGE NAMES .PP Most commands refer to container images, using a \fItransport\fP\fB\fC:\fR\fIdetails\fP format. The following formats are supported: .PP \fBcontainers\-storage:\fP\fIdocker\-reference\fP An image located in a local containers/storage image store. Both the location and image store are specified in /etc/containers/storage.conf. (Backend for Podman, CRI\-O, Buildah and friends) .PP \fBdir:\fP\fIpath\fP An existing local directory \fIpath\fP storing the manifest, layer tarballs and signatures as individual files. This is a non\-standardized format, primarily useful for debugging or noninvasive container inspection. .PP \fBdocker://\fP\fIdocker\-reference\fP An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in either \fB\fC$XDG\_RUNTIME\_DIR/containers/auth.json\fR, which is set using \fB\fC(skopeo login)\fR\&. If the authorization state is not found there, \fB\fC$HOME/.docker/config.json\fR is checked, which is set using \fB\fC(docker login)\fR\&. .PP \fBdocker\-archive:\fP\fIpath\fP[\fB:\fP\fIdocker\-reference\fP] An image is stored in the \fB\fCdocker save\fR formatted file. \fIdocker\-reference\fP is only used when creating such a file, and it must not contain a digest. .PP \fBdocker\-daemon:\fP\fIdocker\-reference\fP An image \fIdocker\-reference\fP stored in the docker daemon internal storage. \fIdocker\-reference\fP must contain either a tag or a digest. Alternatively, when reading images, the format can be docker\-daemon:algo:digest (an image ID). .PP \fBoci:\fP\fIpath\fP\fB:\fP\fItag\fP An image \fItag\fP in a directory compliant with "Open Container Image Layout Specification" at \fIpath\fP\&. .PP \fBoci\-archive:\fP\fIpath\fP\fB:\fP\fItag\fP An image \fItag\fP in a tar archive compliant with "Open Container Image Layout Specification" at \fIpath\fP\&. .PP See containers\-transports(5) \[la]https://github.com/containers/image/blob/master/docs/containers-transports.5.md\[ra] for details. .SH OPTIONS .PP \fB\-\-command\-timeout\fP \fIduration\fP Timeout for the command execution. .PP \fB\-\-debug\fP enable debug output .PP \fB\-\-help\fP|\fB\-h\fP Show help .PP \fB\-\-insecure\-policy\fP Adopt an insecure, permissive policy that allows anything. This obviates the need for a policy file. .PP \fB\-\-override\-arch\fP \fIarch\fP Use \fIarch\fP instead of the architecture of the machine for choosing images. .PP \fB\-\-override\-os\fP \fIOS\fP Use \fIOS\fP instead of the running OS for choosing images. .PP \fB\-\-override\-variant\fP \fIVARIANT\fP Use \fIVARIANT\fP instead of the running architecture variant for choosing images. .PP \fB\-\-policy\fP \fIpath\-to\-policy\fP Path to a policy.json file to use for verifying signatures and deciding whether an image is trusted, overriding the default trust policy file. .PP \fB\-\-registries.d\fP \fIdir\fP use registry configuration files in \fIdir\fP (e.g. for container signature storage), overriding the default path. .PP \fB\-\-tmpdir\fP \fIdir\fP used to store temporary files. Defaults to /var/tmp. .PP \fB\-\-version\fP|\fB\-v\fP print the version number .SH COMMANDS .TS allbox; l l l l . \fB\fCCommand\fR \fB\fCDescription\fR skopeo\-copy(1) T{ Copy an image (manifest, filesystem layers, signatures) from one location to another. T} skopeo\-delete(1) Mark image\-name for deletion. skopeo\-inspect(1) T{ Return low\-level information about image\-name in a registry. T} skopeo\-list\-tags(1) T{ List the tags for the given transport/repository. T} skopeo\-login(1) Login to a container registry. skopeo\-logout(1) T{ Logout of a container registry. T} skopeo\-manifest\-digest(1) T{ Compute a manifest digest of manifest\-file and write it to standard output. T} skopeo\-standalone\-sign(1) Sign an image. skopeo\-standalone\-verify(1) Verify an image. skopeo\-sync(1) T{ Copy images from one or more repositories to a user specified destination. T} .TE .SH FILES .PP \fB/etc/containers/policy.json\fP Default trust policy file, if \fB\-\-policy\fP is not specified. The policy format is documented in containers\-policy.json(5) \[la]https://github.com/containers/image/blob/master/docs/containers-policy.json.5.md\[ra] . .PP \fB/etc/containers/registries.d\fP Default directory containing registry configuration, if \fB\-\-registries.d\fP is not specified. The contents of this directory are documented in containers\-policy.json(5) \[la]https://github.com/containers/image/blob/master/docs/containers-policy.json.5.md\[ra]\&. .SH SEE ALSO .PP skopeo\-login(1), docker\-login(1), containers\-auth.json(5), containers\-storage.conf(5), containers\-policy.json(5), containers\-transports(5) .SH AUTHORS .PP Antonio Murdaca runcom@redhat.com \[la]mailto:runcom@redhat.com\[ra], Miloslav Trmac mitr@redhat.com \[la]mailto:mitr@redhat.com\[ra], Jhon Honce jhonce@redhat.com \[la]mailto:jhonce@redhat.com\[ra]