Provided by: skopeo_1.13.3+ds1-2build2_amd64 
NAME
skopeo -- Command line utility used to interact with local and remote container images and
container image registries
SYNOPSIS
skopeo [global options] command [command options]
DESCRIPTION
skopeo is a command line utility providing various operations with container images and
container image registries.
skopeo can copy container images between various containers image stores, converting them
as necessary. For example you can use skopeo to copy container images from one container
registry to another.
skopeo can convert a Docker schema 2 or schema 1 container image to an OCI image.
skopeo can inspect a repository on a container registry without needlessly pulling the
image. Pulling an image from a repository, especially a remote repository, is an expensive
network and storage operation. Skopeo fetches the repository's manifest and displays a
docker inspect-like json output about the repository or a tag. skopeo, in contrast to
docker inspect, helps you gather useful information about a repository or a tag without
requiring you to run docker pull - e.g. - Which tags are available for the given
repository? Which labels does the image have?
skopeo can sign and verify container images.
skopeo can delete container images from a remote container registry.
Note: skopeo does not require any container runtimes to be running, to do most of its
functionality. It also does not require root, unless you are copying images into a
container runtime storage backend, like the docker daemon or
github.com/containers/storage.
IMAGE NAMES
Most commands refer to container images, using a transport:details format. The following
formats are supported:
containers-storage:docker-reference
An image located in a local containers/storage image store. Both the location and image
store are specified in /etc/containers/storage.conf. (Backend for Podman, CRI-O, Buildah
and friends)
dir:path
An existing local directory path storing the manifest, layer tarballs and signatures as
individual files. This is a non-standardized format, primarily useful for debugging or
noninvasive container inspection.
docker://docker-reference
An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses
the authorization state in either $XDG_RUNTIME_DIR/containers/auth.json, which is set
using (skopeo login). If the authorization state is not found there,
$HOME/.docker/config.json is checked, which is set using (docker login).
docker-archive:path[:docker-reference]
An image is stored in the docker save formatted file. docker-reference is only used
when creating such a file, and it must not contain a digest.
docker-daemon:docker-reference
An image docker-reference stored in the docker daemon internal storage. docker-
reference must contain either a tag or a digest. Alternatively, when reading images, the
format can be docker-daemon:algo:digest (an image ID).
oci:path:tag
An image tag in a directory compliant with "Open Container Image Layout Specification"
at path.
oci-archive:path:tag
An image tag in a tar archive compliant with "Open Container Image Layout Specification"
at path.
See containers-transports(5)
⟨https://github.com/containers/image/blob/main/docs/containers-transports.5.md⟩ for
details.
OPTIONS
These options should be placed before the subcommand name. Individual subcommands have
their own options.
--command-timeout duration
Timeout for the command execution.
--debug
enable debug output
--help, -h
Show help
--insecure-policy
Adopt an insecure, permissive policy that allows anything. This obviates the need for a
policy file.
--override-arch arch
Use arch instead of the architecture of the machine for choosing images.
--override-os os
Use OS instead of the running OS for choosing images.
--override-variant variant
Use variant instead of the running architecture variant for choosing images.
--policy path-to-policy
Path to a policy.json file to use for verifying signatures and deciding whether an image
is trusted, overriding the default trust policy file.
--registries.d dir
Use registry configuration files in dir (e.g. for container signature storage), overriding
the default path.
--tmpdir dir
Directory used to store temporary files. Defaults to /var/tmp.
--version, -v
Print the version number
COMMANDS
┌────────────────────────────────┬─────────────────────────────────────────────────────────────────────────────┐
│Command │ Description │
├────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
│skopeo-copy(1) │ Copy an image (manifest, filesystem layers, signatures) from one location │
│ │ to another. │
├────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
│skopeo-delete(1) │ Mark the image-name for later deletion by the registry's garbage collector. │
├────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
│skopeo-generate-sigstore-key(1) │ │
├────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
│ │ Generate a sigstore public/private key pair. │
├────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
│skopeo-inspect(1) │ Return low-level information about image-name in a registry. │
├────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
│skopeo-list-tags(1) │ List image names in a transport-specific collection of images. │
├────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
│skopeo-login(1) │ Login to a container registry. │
├────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
│skopeo-logout(1) │ Logout of a container registry. │
├────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
│skopeo-manifest-digest(1) │ Compute a manifest digest for a manifest-file and write it to standard │
│ │ output. │
├────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
│skopeo-standalone-sign(1) │ Debugging tool - Publish and sign an image in one step. │
├────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
│skopeo-standalone-verify(1) │ Verify an image signature. │
├────────────────────────────────┼─────────────────────────────────────────────────────────────────────────────┤
│skopeo-sync(1) │ Synchronize images between registry repositories and local directories. │
└────────────────────────────────┴─────────────────────────────────────────────────────────────────────────────┘
FILES
/etc/containers/policy.json
Default trust policy file, if --policy is not specified.
The policy format is documented in containers-policy.json(5)
⟨https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md⟩ .
/etc/containers/registries.d
Default directory containing registry configuration, if --registries.d is not specified.
The contents of this directory are documented in containers-policy.json(5)
⟨https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md⟩.
SEE ALSO
skopeo-login(1), docker-login(1), containers-auth.json(5), containers-storage.conf(5),
containers-policy.json(5), containers-transports(5)
AUTHORS
Antonio Murdaca runcom@redhat.com ⟨mailto:runcom@redhat.com⟩, Miloslav Trmac
mitr@redhat.com ⟨mailto:mitr@redhat.com⟩, Jhon Honce jhonce@redhat.com
⟨mailto:jhonce@redhat.com⟩