Provided by: skopeo_1.13.3+ds1-2build2_amd64 bug

NAME

       skopeo-sync - Synchronize images between registry repositories and local directories.

SYNOPSIS

       skopeo sync [options] --src transport --dest transport source destination

DESCRIPTION

       Synchronize images between registry repositories and local directories. Synchronization is
       achieved by copying  all  the  images  found  at  source  to  destination  -  useful  when
       synchronizing  a  local  container  registry  mirror  or for populating registries running
       inside of air-gapped environments.

       Differently from other skopeo commands, skopeo sync requires both source  and  destination
       transports to be specified separately from source and destination.  One of the problems of
       prefixing a destination with its transport is that,  the  registry  docker://hostname:port
       would be wrongly interpreted as an image reference at a non-fully qualified registry, with
       hostname and port the image name and tag.

       Available source transports:
        - docker (i.e. --src docker): source is a  repository  hosted  on  a  container  registry
       (e.g.: registry.example.com/busybox).
        If no image tag is specified, skopeo sync copies all the tags found in that repository.
        -  dir  (i.e.  --src dir): source is a local directory path (e.g.: /media/usb/). Refer to
       skopeo(1) dir:path for the local image format.
        - yaml (i.e. --src yaml): source is local YAML file path.
        The YAML file  should  specify  the  list  of  images  copied  from  different  container
       registries (local directories are not supported). Refer to EXAMPLES for the file format.

       Available destination transports:
        -   docker  (i.e.  --dest  docker):  destination  is  a  container  registry  (e.g.:  my-
       registry.local.lan).
        - dir (i.e. --dest dir): destination is a local directory path (e.g.: /media/usb/).
        One directory per source 'image:tag' is created for each copied image.

       When the --scoped option is specified, images are prefixed with the source image  path  so
       that multiple images with the same name can be stored at destination.

OPTIONS

       See also skopeo(1) for options placed before the subcommand name.

       --all,  -a If one of the images in src refers to a list of images, instead of copying just
       the image which matches the current OS and architecture (subject to the use of the  global
       --override-os, --override-arch and --override-variant options), attempt to copy all of the
       images in the list, and the list itself.

       --authfile path

       Path of the authentication file. Default is ${XDG_RUNTIME_DIR}/containers/auth.json, which
       is   set   using   skopeo   login.   If  the  authorization  state  is  not  found  there,
       $HOME/.docker/config.json is checked, which is set using docker login.

       --src-authfile path

       Path of the authentication file for the source registry. Uses path given by --authfile, if
       not provided.

       --dest-authfile path

       Path  of  the  authentication  file  for  the  destination  registry.  Uses  path given by
       --authfile, if not provided.

       --dry-run

       Run the sync without actually copying data to the destination.

       --src, -s transport Transport for the source repository.

       --dest, -d transport Destination transport.

       --format, -f manifest-type Manifest Type (oci, v2s1, or v2s2) to use when syncing image(s)
       to a destination (default is manifest type of source, with fallbacks).

       --help, -h

       Print usage statement.

       --scoped  Prefix  images with the source image path, so that multiple images with the same
       name can be stored at destination.

       --append-suffix tag-suffix String to append to destination tags.

       --preserve-digests

       Preserve the digests during copying. Fail if the digest cannot be preserved.

       This option does not change what will be copied; consider using --all at the same time.

       --remove-signatures Do not copy signatures, if any, from source-image. This  is  necessary
       when copying a signed image to a destination which does not support signatures.

       --sign-by key-id

       Add  a  “simple  signing”  signature  using that key ID for an image name corresponding to
       destination-image

       --sign-by-sigstore param-file

       Add a sigstore signature based on the options in the specified containers sigstore signing
       parameter  file,  param-file.   See containers-sigstore-signing-params.yaml(5) for details
       about the file format.

       --sign-by-sigstore-private-key path

       Add a sigstore signature using a private key at path for an image  name  corresponding  to
       destination-image

       --sign-passphrase-file path

       The  passphare  to use when signing with --sign-by or --sign-by-sigstore-private-key. Only
       the first line will be read. A passphrase stored in a file is of questionable security  if
       other users can read this file. Do not use this option if at all avoidable.

       --src-creds username[:password] for accessing the source registry.

       --dest-creds username[:password] for accessing the destination registry.

       --src-cert-dir  path  Use  certificates  (*.crt,  *.cert, *.key) at path to connect to the
       source registry or daemon.

       --src-no-creds Access the registry anonymously.

       --src-tls-verify=bool Require HTTPS and verify certificates when talking  to  a  container
       source registry or daemon. Default to source registry entry in registry.conf setting.

       --dest-cert-dir  path  Use  certificates  (*.crt, *.cert, *.key) at path to connect to the
       destination registry or daemon.

       --dest-no-creds Access the registry anonymously.

       --dest-tls-verify=bool Require HTTPS and verify certificates when talking to  a  container
       destination  registry  or  daemon.  Default to destination registry entry in registry.conf
       setting.

       --src-registry-token Bearer token for accessing the source registry.

       --dest-registry-token Bearer token for accessing the destination registry.

       --retry-times  the number of times  to  retry,  retry  wait  time  will  be  exponentially
       increased based on the number of failed attempts.

       --keep-going If any errors occur during copying of images, those errors are logged and the
       process continues syncing rest of the images and finally fails at the end.

       --src-username

       The username to access the source registry.

       --src-password

       The password to access the source registry.

       --dest-username

       The username to access the destination registry.

       --dest-password

       The password to access the destination registry.

EXAMPLES

   Synchronizing to a local directory
       $ skopeo sync --src docker --dest dir registry.example.com/busybox /media/usb

       Images are located at:

       /media/usb/busybox:1-glibc
       /media/usb/busybox:1-musl
       /media/usb/busybox:1-ubuntu
       /media/usb/busybox:latest

   Synchronizing to a container registry from local
       Images are located at:

       /media/usb/busybox:1-glibc

       Sync run

       $ skopeo sync --src dir --dest docker /media/usb/busybox:1-glibc my-registry.local.lan/test/

       Destination registry content:

       REPO                                 TAGS
       my-registry.local.lan/test/busybox   1-glibc

   Synchronizing to a local directory, scoped
       $ skopeo sync --src docker --dest dir --scoped registry.example.com/busybox /media/usb

       Images are located at:

       /media/usb/registry.example.com/busybox:1-glibc
       /media/usb/registry.example.com/busybox:1-musl
       /media/usb/registry.example.com/busybox:1-ubuntu
       /media/usb/registry.example.com/busybox:latest

   Synchronizing to a container registry
       $ skopeo sync --src docker --dest docker registry.example.com/busybox my-registry.local.lan

       Destination registry content:

       REPO                         TAGS
       registry.local.lan/busybox   1-glibc, 1-musl, 1-ubuntu, ..., latest

   Synchronizing to a container registry keeping the repository
       $ skopeo sync --src docker --dest docker registry.example.com/repo/busybox my-registry.local.lan/repo

       Destination registry content:

       REPO                              TAGS
       registry.local.lan/repo/busybox   1-glibc, 1-musl, 1-ubuntu, ..., latest

   Synchronizing to a container registry with tag suffix
       $ skopeo sync --src docker --dest docker --append-suffix '-mirror' registry.example.com/busybox my-registry.local.lan

       Destination registry content:

       REPO                         TAGS
       registry.local.lan/busybox   1-glibc-mirror, 1-musl-mirror, 1-ubuntu-mirror, ..., latest-mirror

   YAML file content (used source for **--src yaml**)
       registry.example.com:
           images:
               busybox: []
               redis:
                   - "1.0"
                   - "2.0"
                   - "sha256:0000000000000000000000000000000011111111111111111111111111111111"
           images-by-tag-regex:
               nginx: ^1\.13\.[12]-alpine-perl$
           credentials:
               username: john
               password: this is a secret
           tls-verify: true
           cert-dir: /home/john/certs
       quay.io:
           tls-verify: false
           images:
               coreos/etcd:
                   - latest

       If the yaml filename is sync.yml, sync run:

       $ skopeo sync --src yaml --dest docker sync.yml my-registry.local.lan/repo/

       This will copy  the  following  images:  -  Repository  registry.example.com/busybox:  all
       images,  as no tags are specified.  - Repository registry.example.com/redis: images tagged
       "1.0"       and       "2.0"       along        with        image        with        digest
       "sha256:0000000000000000000000000000000011111111111111111111111111111111".   -  Repository
       registry.example.com/nginx: images tagged "1.13.1-alpine-perl"  and  "1.13.2-alpine-perl".
       - Repository quay.io/coreos/etcd: images tagged "latest".

       For the registry registry.example.com, the "john"/"this is a secret" credentials are used,
       with server TLS certificates located at /home/john/certs.

       TLS verification is normally enabled, and it can be disabled setting tls-verify to  false.
       In  the  above  example,  TLS  verification  is enabled for registry.example.com, while is
       disabled for quay.io.

SEE ALSO

       skopeo(1),   skopeo-login(1),   docker-login(1),   containers-auth.json(5),    containers-
       policy.json(5), containers-transports(5)

AUTHORS

       Flavio    Castelli    fcastelli@suse.commailto:fcastelli@suse.com⟩,   Marco   Vedovati
       mvedovati@suse.commailto:mvedovati@suse.comskopeo-sync(1)()