Skopeo standalone-sign manifest docker-reference key-fingerprint -output| -o signature Image-name name of image to retrieve information aboutĬompute a manifest digest of manifest-file and write it to standard output. raw output raw manifest, default is to format in JSON Return low-level information about image-name in a registry tls-verify bool-value Require HTTPS and verify certificates when talking to docker registries (defaults to true)Īdditionally, the registry must allow deletions by setting REGISTRY_STORAGE_DELETE_ENABLED=true for the registry daemon. cert-dir path Use certificates at path (*.crt, *.cert, *.key) to connect to the registry creds username for accessing the registry
$ docker exec -it registry bin/registry garbage-collect /etc/docker/registry/config.yml To release the allocated disk space, you need to execute the docker registry garabage collector. dest-tls-verify bool-value Require HTTPS and verify certificates when talking to docker destination registry (defaults to true)Įxisting signatures, if any, are preserved as well. dest-ostree-tmp-dir path Directory to use for OSTree temporary files.
dest-cert-dir path Use certificates at path (*.crt, *.cert, *.key) to connect to the destination registry src-tls-verify bool-value Require HTTPS and verify certificates when talking to docker source registry (defaults to true) src-cert-dir path Use certificates at path (*.crt, *.cert, *.key) to connect to the source registry dest-creds username for accessing the destination registry src-creds username for accessing the source registry sign-by= key-id add a signature using that key ID for an image name corresponding to destination-image Necessary when copying a signed image to a destination which does not support signatures. remove-signatures do not copy signatures, if any, from source-image. Source-image use the "image name" format described aboveĭestination-image use the "image name" format described above Uses the system's trust policy to validate images, rejects images not trusted by the policy. Skopeo copy source-image destination-imageĬopy an image (manifest, filesystem layers, signatures) from one location to another. for docker signature storage), overriding the default path. registries.d dir use registry configuration files in dir (e.g. This obviates the need for a policy file. insecure-policy Adopt an insecure, permissive policy that allows anything. policy path-to-policy Path to a policy.json file to use for verifying signatures and deciding whether an image is trusted, overriding the default trust policy file. Non-standardized format, primarily useful for debugging orĪn image in a registry implementing the "Docker Registry HTTP API V2".īy default, uses the authorization state in $HOME/.docker/config.json,Īn image tag in a directory compliant with "Open Container Image Tarballs and signatures as individual files.
usingĪn existing local directory path storing the manifest, layer The current project and Atomic Registry instance are byĭefault read from $HOME/.kube/config, which is set e.g. The following formats are supported:Īn image in the current project of the current default Atomic Most commands refer to container images, using a transport: details format. It also allows you to copy container images between various registries, possibly converting them as necessary, and to sign and verify images.