containers/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2026-02-05 12:45:43 +01:00
Code Issues Releases Wiki Activity
Files
cc1fcd83da61a8e6a0e509ee8aab081cc0403bb5
skopeo/docs/skopeo-sync.1.md

290 lines
11 KiB
Markdown
Raw Normal View History

Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
% skopeo-sync(1)
## NAME
Talk about "registry repositories" in (skopeo sync) documentation - We don't sync complete registries. - This should still refer to the remote registry servers. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-08-22 19:46:58 +02:00
skopeo\-sync - Synchronize images between registry repositories and local directories.
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
## SYNOPSIS
man page checker - part 1 of 2 Add new script, hack/man-page-checker, copied from podman. Run it in 'make validate-local' target. This is NOT the checker requested in #1332 (verify that flags listed in 'skopeo foo --help' are documented in man pages and vice-versa). This is a much simpler script that merely looks for very basic typos or discrepancies between skopeo.1.md and skopeo-foo.1.md. The next part (cross-checking flags) is in progress but will require a huge number of changes to the man pages. I'm submitting this now because it's easy to review. Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-06-28 16:17:13 -06:00
**skopeo sync** [*options*] --src _transport_ --dest _transport_ _source_ _destination_
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
## DESCRIPTION
Corrected typo in skopeo-sync and updated description Signed-off-by: dbeezt <dbrereton1995@gmail.com>
2023-02-22 15:30:02 +00:00
Synchronize images between registry repositories and local directories. Synchronization is achieved by copying all the images found at _source_ to _destination_ - useful when synchronizing a local container registry mirror or for populating registries running inside of air-gapped environments.
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
Differently from other skopeo commands, skopeo sync requires both source and destination transports to be specified separately from _source_ and _destination_.
One of the problems of prefixing a destination with its transport is that, the registry `docker://hostname:port` would be wrongly interpreted as an image reference at a non-fully qualified registry, with `hostname` and `port` the image name and tag.
Available _source_ transports:
- _docker_ (i.e. `--src docker`): _source_ is a repository hosted on a container registry (e.g.: `registry.example.com/busybox`).
If no image tag is specified, skopeo sync copies all the tags found in that repository.
- _dir_ (i.e. `--src dir`): _source_ is a local directory path (e.g.: `/media/usb/`). Refer to skopeo(1) **dir:**_path_ for the local image format.
- _yaml_ (i.e. `--src yaml`): _source_ is local YAML file path.
The YAML file should specify the list of images copied from different container registries (local directories are not supported). Refer to EXAMPLES for the file format.
Available _destination_ transports:
- _docker_ (i.e. `--dest docker`): _destination_ is a container registry (e.g.: `my-registry.local.lan`).
- _dir_ (i.e. `--dest dir`): _destination_ is a local directory path (e.g.: `/media/usb/`).
One directory per source 'image:tag' is created for each copied image.
When the `--scoped` option is specified, images are prefixed with the source image path so that multiple images with the same
name can be stored at _destination_.
## OPTIONS
Cross-link the top-level and subcommand option lists ... primarily to make the top-level options more discoverable. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-03-20 21:12:51 +01:00
See also [skopeo(1)](skopeo.1.md) for options placed before the subcommand name.
Man page validation: part 2 of 2 This is the script that runs 'skopeo COMMAND --help' and cross-checks that all the option flags are documented in man pages, and vice-versa (all options listed in man pages appear in COMMAND's --help message). Copied from podman, with changes for skopeo-land (removing the rst checks, and conforming to skopeo conventions). Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-06-29 15:56:07 -06:00
**--all**, **-a**
Fix #858 Add --all sync flag to emulate copy --all This replicates the --all copy flag to sync to perform the same behavior. Namely, the default is CopySystemImage unless --all is passed which changes the behavior to CopyAllImages. While it is probably desirable for --all to be the default as there is no option to override ones architecture with the sync command, --all can potentially break existing sync incantations depending on registry support. Hence CopySystemImage remains the default. Signed-off-by: Andrew DeMaria <ademaria@cloudflare.com>
2020-08-04 22:02:17 -06:00
If one of the images in __src__ refers to a list of images, instead of copying just the image which matches the current OS and
architecture (subject to the use of the global --override-os, --override-arch and --override-variant options), attempt to copy all of
the images in the list, and the list itself.
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
**--authfile** _path_
Improve documentation of --authfile - Don't claim that Windows uses XDG_RUNTIME_DIR, defer to the authoritative man page. - Consistently document the (regrettable?) REGISTRY_AUTH_FILE environment variable. - Consistently refer to "registry credentials file", not "authentication file". - (Also deemphasizes (docker login), I'm not sure we want that.) Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-05-29 00:30:19 +02:00
Path of the primary registry credentials file. On Linux, the default is ${XDG\_RUNTIME\_DIR}/containers/auth.json.
See **containers-auth.json**(5) for more details about the credential search mechanism and defaults on other platforms.
Use `skopeo login` to manage the credentials.
The default value of this option is read from the `REGISTRY\_AUTH\_FILE` environment variable.
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
add specific authfile options to copy (and sync) command. With additional prefixed flags for authfiles, it is possible to override the shared authfile flag to use different authfiles for src and dest registries. This is an important feature if the two registries have the same domain (but different paths) and require separate credentials. Closes #773. Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
2020-01-10 12:41:43 +01:00
**--src-authfile** _path_
Improve documentation of --authfile - Don't claim that Windows uses XDG_RUNTIME_DIR, defer to the authoritative man page. - Consistently document the (regrettable?) REGISTRY_AUTH_FILE environment variable. - Consistently refer to "registry credentials file", not "authentication file". - (Also deemphasizes (docker login), I'm not sure we want that.) Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-05-29 00:30:19 +02:00
Path of the primary registry credentials file for the source registry. Uses path given by `--authfile`, if not provided.
add specific authfile options to copy (and sync) command. With additional prefixed flags for authfiles, it is possible to override the shared authfile flag to use different authfiles for src and dest registries. This is an important feature if the two registries have the same domain (but different paths) and require separate credentials. Closes #773. Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
2020-01-10 12:41:43 +01:00
**--dest-authfile** _path_
Improve documentation of --authfile - Don't claim that Windows uses XDG_RUNTIME_DIR, defer to the authoritative man page. - Consistently document the (regrettable?) REGISTRY_AUTH_FILE environment variable. - Consistently refer to "registry credentials file", not "authentication file". - (Also deemphasizes (docker login), I'm not sure we want that.) Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-05-29 00:30:19 +02:00
Path of the primary registry credentials file for the destination registry. Uses path given by `--authfile`, if not provided.
add specific authfile options to copy (and sync) command. With additional prefixed flags for authfiles, it is possible to override the shared authfile flag to use different authfiles for src and dest registries. This is an important feature if the two registries have the same domain (but different paths) and require separate credentials. Closes #773. Signed-off-by: Daniel Strobusch <1847260+dastrobu@users.noreply.github.com>
2020-01-10 12:41:43 +01:00
Add dry-run mode to skopeo-sync Taking over #1459 to drive it to completion. Signed-off-by: Ted Wexler <twexler@bloomberg.net> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-03-28 08:40:12 -04:00
**--dry-run**
Run the sync without actually copying data to the destination.
Man page validation: part 2 of 2 This is the script that runs 'skopeo COMMAND --help' and cross-checks that all the option flags are documented in man pages, and vice-versa (all options listed in man pages appear in COMMAND's --help message). Copied from podman, with changes for skopeo-land (removing the rst checks, and conforming to skopeo conventions). Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-06-29 15:56:07 -06:00
**--src**, **-s** _transport_ Transport for the source repository.
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
Man page validation: part 2 of 2 This is the script that runs 'skopeo COMMAND --help' and cross-checks that all the option flags are documented in man pages, and vice-versa (all options listed in man pages appear in COMMAND's --help message). Copied from podman, with changes for skopeo-land (removing the rst checks, and conforming to skopeo conventions). Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-06-29 15:56:07 -06:00
**--dest**, **-d** _transport_ Destination transport.
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
Man page validation: part 2 of 2 This is the script that runs 'skopeo COMMAND --help' and cross-checks that all the option flags are documented in man pages, and vice-versa (all options listed in man pages appear in COMMAND's --help message). Copied from podman, with changes for skopeo-land (removing the rst checks, and conforming to skopeo conventions). Signed-off-by: Ed Santiago <santiago@redhat.com>
2021-06-29 15:56:07 -06:00
**--format**, **-f** _manifest-type_ Manifest Type (oci, v2s1, or v2s2) to use when syncing image(s) to a destination (default is manifest type of source, with fallbacks).
**--help**, **-h**
Print usage statement.
Added `format` parameter to `sync` command Signed-off-by: Brendan Aye <brendan.aye@t-mobile.com>
2021-04-23 12:59:19 -07:00
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
**--scoped** Prefix images with the source image path, so that multiple images with the same name can be stored at _destination_.
Adds sync with tag suffix example Signed-off-by: Phil Corbett <phil@phicorb.me.uk>
2022-11-17 17:49:27 +00:00
**--append-suffix** _tag-suffix_ String to append to destination tags.
Adds `--append-suffix` flag to sync Signed-off-by: Phil Corbett <phil@phicorb.me.uk>
2022-11-13 13:55:40 +00:00
* Added option to create digest file for syncing images. * Digest file output would have docker reference of source and sha of of the mainfest sync'd with the target. This file would not be created if dry-run flag is enabled * improved the sync document to include the correct output for manifest file. * added new line for the manifest file once all images are sync'd * Ensuring we log on manifest digest if the copy operation was successful. * Check for errors if any once sync process is complete. * Ensure to capture the failure when closing the manifest file. * Ensure we are not writing manifest sha for failed copy of imagesand aborting the process in case write to file fails Signed-off-by: Ankit Agarwal <aagarwal@cloudsmith.io>
2024-08-19 16:43:42 +01:00
**--digestfile** _path_
After copying the images from source, write the digest of the resulting images along with Image Reference.
```
sha256:bf91f90823248017a4f920fb541727fa8368dc6cf377a7debbd271cf6a31c8a7 docker://myhost.com/alpine:edge
sha256:31603596830fc7e56753139f9c2c6bd3759e48a850659506ebfb885d1cf3aef5 docker://myhost.com/postgres:14.3
```
Emphasize the semantics of --preserve-digests a tiny bit Fixes #1936. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-04-24 20:03:23 +02:00
**--preserve-digests**
Preserve the digests during copying. Fail if the digest cannot be preserved.
This option does not change what will be copied; consider using `--all` at the same time.
Add option to preserve digests on copy When enabled, if digests can't be preserved an error will be raised. Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
2021-12-03 16:02:40 +00:00
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
**--remove-signatures** Do not copy signatures, if any, from _source-image_. This is necessary when copying a signed image to a destination which does not support signatures.
Add --sign-by-sigstore-private-key to (skopeo copy) and (skopeo sync) If a passphrase is not provided, prompt for one. Outstanding: - Should have integration tests. - The signing options shared between copy and sync should live in utils.go. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-07-06 07:16:23 +02:00
**--sign-by** _key-id_
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
Add --sign-by-sigstore-private-key to (skopeo copy) and (skopeo sync) If a passphrase is not provided, prompt for one. Outstanding: - Should have integration tests. - The signing options shared between copy and sync should live in utils.go. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-07-06 07:16:23 +02:00
Add a “simple signing” signature using that key ID for an image name corresponding to _destination-image_
Add support for Fulcio and Rekor, and --sign-by-sigstore=param-file (skopeo copy) and (skopeo sync) now support --sign-by-sigstore=param-file, using the containers-sigstore-signing-params.yaml(5) file format. That notably adds support for Fulcio and Rekor signing. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2023-01-11 21:42:03 +01:00
**--sign-by-sigstore** _param-file_
Add a sigstore signature based on the options in the specified containers sigstore signing parameter file, _param-file_.
See containers-sigstore-signing-params.yaml(5) for details about the file format.
Add --sign-by-sigstore-private-key to (skopeo copy) and (skopeo sync) If a passphrase is not provided, prompt for one. Outstanding: - Should have integration tests. - The signing options shared between copy and sync should live in utils.go. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-07-06 07:16:23 +02:00
**--sign-by-sigstore-private-key** _path_
Add a sigstore signature using a private key at _path_ for an image name corresponding to _destination-image_
Add --sign-by-sq-fingerprint and an integration test Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-07-08 20:13:34 +02:00
**--sign-by-sq-fingerprint** _fingerprint_
Add a “simple signing” signature using a Sequoia-PGP key with the specified _fingerprint_.
Add --sign-by-sigstore-private-key to (skopeo copy) and (skopeo sync) If a passphrase is not provided, prompt for one. Outstanding: - Should have integration tests. - The signing options shared between copy and sync should live in utils.go. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-07-06 07:16:23 +02:00
**--sign-passphrase-file** _path_
Add --sign-by-sq-fingerprint and an integration test Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-07-08 20:13:34 +02:00
The passphrase to use when signing with `--sign-by`, `--sign-by-sigstore-private-key` or `--sign-by-sq-fingerprint`.
Only the first line will be read. A passphrase stored in a file is of questionable security if other users can read this file. Do not use this option if at all avoidable.
prompt-less signing via passphrase file To support signing images without prompting the user, add CLI flags for providing a passphrase file. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
2022-01-20 11:55:23 +01:00
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
**--src-creds** _username[:password]_ for accessing the source registry.
**--dest-creds** _username[:password]_ for accessing the destination registry.
**--src-cert-dir** _path_ Use certificates (*.crt, *.cert, *.key) at _path_ to connect to the source registry or daemon.
Improve the documentation of boolean flags The Go behavior of boolean flags is as follows: Accepted values are --flag, which is the same as --flag=true, and --flag=false, which is the default (except for OptionalBoolFlag). --flag {false,true} is parsed as --flag=true with a non-option {false,true} argument. So, for almost all flags, document them just as --flag, not mentioning the [={false,true}] part, because users can just omit =true, or the whole flag instead of =false. OTOH, for tls-verify, document only the tls-verify={true,false} variant, because the primary use is tls-verify=false, and because tls-verify is not "the default", but equivalent to an explicit tls-verify=true (overriding registries.conf). Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-01-31 23:50:46 +01:00
**--src-no-creds** Access the registry anonymously.
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
Improve the documentation of boolean flags The Go behavior of boolean flags is as follows: Accepted values are --flag, which is the same as --flag=true, and --flag=false, which is the default (except for OptionalBoolFlag). --flag {false,true} is parsed as --flag=true with a non-option {false,true} argument. So, for almost all flags, document them just as --flag, not mentioning the [={false,true}] part, because users can just omit =true, or the whole flag instead of =false. OTOH, for tls-verify, document only the tls-verify={true,false} variant, because the primary use is tls-verify=false, and because tls-verify is not "the default", but equivalent to an explicit tls-verify=true (overriding registries.conf). Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-01-31 23:50:46 +01:00
**--src-tls-verify**=_bool_ Require HTTPS and verify certificates when talking to a container source registry or daemon. Default to source registry entry in registry.conf setting.
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
**--dest-cert-dir** _path_ Use certificates (*.crt, *.cert, *.key) at _path_ to connect to the destination registry or daemon.
Improve the documentation of boolean flags The Go behavior of boolean flags is as follows: Accepted values are --flag, which is the same as --flag=true, and --flag=false, which is the default (except for OptionalBoolFlag). --flag {false,true} is parsed as --flag=true with a non-option {false,true} argument. So, for almost all flags, document them just as --flag, not mentioning the [={false,true}] part, because users can just omit =true, or the whole flag instead of =false. OTOH, for tls-verify, document only the tls-verify={true,false} variant, because the primary use is tls-verify=false, and because tls-verify is not "the default", but equivalent to an explicit tls-verify=true (overriding registries.conf). Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-01-31 23:50:46 +01:00
**--dest-no-creds** Access the registry anonymously.
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
Improve the documentation of boolean flags The Go behavior of boolean flags is as follows: Accepted values are --flag, which is the same as --flag=true, and --flag=false, which is the default (except for OptionalBoolFlag). --flag {false,true} is parsed as --flag=true with a non-option {false,true} argument. So, for almost all flags, document them just as --flag, not mentioning the [={false,true}] part, because users can just omit =true, or the whole flag instead of =false. OTOH, for tls-verify, document only the tls-verify={true,false} variant, because the primary use is tls-verify=false, and because tls-verify is not "the default", but equivalent to an explicit tls-verify=true (overriding registries.conf). Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2022-01-31 23:50:46 +01:00
**--dest-tls-verify**=_bool_ Require HTTPS and verify certificates when talking to a container destination registry or daemon. Default to destination registry entry in registry.conf setting.
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
Adding periods
2020-09-18 18:11:01 +02:00
**--src-registry-token** _Bearer token_ for accessing the source registry.
Add --registry-token flags to support Bearer token authentication Signed-off-by: Alvaro Iradier <airadier@gmail.com>
2020-09-18 11:40:51 +02:00
Adding periods
2020-09-18 18:11:01 +02:00
**--dest-registry-token** _Bearer token_ for accessing the destination registry.
Add --registry-token flags to support Bearer token authentication Signed-off-by: Alvaro Iradier <airadier@gmail.com>
2020-09-18 11:40:51 +02:00
feat: Add `--retry-delay` Option - Add option to set a fixed delay between retries. - Clarify that if delay is unset, skopeo uses an exponential delay for retries. Fixes #2476 Signed-off-by: Adam Kaplan <adam.kaplan@redhat.com>
2025-01-16 16:15:39 -05:00
**--retry-times**
Document the default of --retry-times Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2026-01-07 16:15:13 +01:00
The number of times to retry. By default, no retries are attempted.
feat: Add `--retry-delay` Option - Add option to set a fixed delay between retries. - Clarify that if delay is unset, skopeo uses an exponential delay for retries. Fixes #2476 Signed-off-by: Adam Kaplan <adam.kaplan@redhat.com>
2025-01-16 16:15:39 -05:00
**--retry-delay**
Fixed delay between retries. If not set (or set to 0s), retry wait time will be exponentially increased based on the number of failed attempts.
Add --retry-times to markdown docs Fixes #1322. Signed-off-by: Jesse Rittner <rittneje@gmail.com>
2021-06-23 23:22:58 -04:00
issue#1466 - Introduce a --keep-going option to allow "sync" command to continue syncing even after a particular image sync fails
2021-10-02 09:11:19 +05:30
**--keep-going**
If any errors occur during copying of images, those errors are logged and the process continues syncing rest of the images and finally fails at the end.
Introduce --username and --password to pass credentials
2021-10-04 10:36:44 +05:30
**--src-username**
The username to access the source registry.
**--src-password**
The password to access the source registry.
**--dest-username**
The username to access the destination registry.
**--dest-password**
The password to access the destination registry.
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
## EXAMPLES
### Synchronizing to a local directory
[CI:DOCS] Format manual page documents - Add a prompt to the skopeo commands. - Add a "console" identifier to fenced code blocks which has a prompt, not "sh". Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-01-25 17:07:06 +09:00
```console
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
$ skopeo sync --src docker --dest dir registry.example.com/busybox /media/usb
```
Images are located at:
```
/media/usb/busybox:1-glibc
/media/usb/busybox:1-musl
/media/usb/busybox:1-ubuntu
...
/media/usb/busybox:latest
```
Add tags to support regular expressions in yaml conf add relevant test cases and documentation update the sync doc
2020-05-19 18:03:07 +08:00
### Synchronizing to a container registry from local
Fix the recently added example in the man page. - Improve the language - Be consistent with the previous example about a trailing slash - Don't unnecessarily quote :, it is not a shell metacharacter. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2020-05-22 01:03:12 +02:00
Images are located at:
Add tags to support regular expressions in yaml conf add relevant test cases and documentation update the sync doc
2020-05-19 18:03:07 +08:00
```
Fix the recently added example in the man page. - Improve the language - Be consistent with the previous example about a trailing slash - Don't unnecessarily quote :, it is not a shell metacharacter. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2020-05-22 01:03:12 +02:00
/media/usb/busybox:1-glibc
Add tags to support regular expressions in yaml conf add relevant test cases and documentation update the sync doc
2020-05-19 18:03:07 +08:00
```
Sync run
[CI:DOCS] Format manual page documents - Add a prompt to the skopeo commands. - Add a "console" identifier to fenced code blocks which has a prompt, not "sh". Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-01-25 17:07:06 +09:00
```console
Fix the recently added example in the man page. - Improve the language - Be consistent with the previous example about a trailing slash - Don't unnecessarily quote :, it is not a shell metacharacter. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2020-05-22 01:03:12 +02:00
$ skopeo sync --src dir --dest docker /media/usb/busybox:1-glibc my-registry.local.lan/test/
Add tags to support regular expressions in yaml conf add relevant test cases and documentation update the sync doc
2020-05-19 18:03:07 +08:00
```
Destination registry content:
```
REPO TAGS
my-registry.local.lan/test/busybox 1-glibc
```
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
### Synchronizing to a local directory, scoped
[CI:DOCS] Format manual page documents - Add a prompt to the skopeo commands. - Add a "console" identifier to fenced code blocks which has a prompt, not "sh". Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-01-25 17:07:06 +09:00
```console
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
$ skopeo sync --src docker --dest dir --scoped registry.example.com/busybox /media/usb
```
Images are located at:
```
/media/usb/registry.example.com/busybox:1-glibc
/media/usb/registry.example.com/busybox:1-musl
/media/usb/registry.example.com/busybox:1-ubuntu
...
/media/usb/registry.example.com/busybox:latest
```
### Synchronizing to a container registry
[CI:DOCS] Format manual page documents - Add a prompt to the skopeo commands. - Add a "console" identifier to fenced code blocks which has a prompt, not "sh". Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-01-25 17:07:06 +09:00
```console
$ skopeo sync --src docker --dest docker registry.example.com/busybox my-registry.local.lan
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
```
Destination registry content:
```
Add example with repository Fixes #854 Signed-off-by: Philipp Homann <homann.philipp@googlemail.com>
2020-03-30 08:31:19 +02:00
REPO TAGS
registry.local.lan/busybox 1-glibc, 1-musl, 1-ubuntu, ..., latest
```
### Synchronizing to a container registry keeping the repository
[CI:DOCS] Format manual page documents - Add a prompt to the skopeo commands. - Add a "console" identifier to fenced code blocks which has a prompt, not "sh". Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-01-25 17:07:06 +09:00
```console
$ skopeo sync --src docker --dest docker registry.example.com/repo/busybox my-registry.local.lan/repo
Add example with repository Fixes #854 Signed-off-by: Philipp Homann <homann.philipp@googlemail.com>
2020-03-30 08:31:19 +02:00
```
Destination registry content:
```
REPO TAGS
registry.local.lan/repo/busybox 1-glibc, 1-musl, 1-ubuntu, ..., latest
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
```
Adds sync with tag suffix example Signed-off-by: Phil Corbett <phil@phicorb.me.uk>
2022-11-17 17:49:27 +00:00
### Synchronizing to a container registry with tag suffix
[CI:DOCS] Format manual page documents - Add a prompt to the skopeo commands. - Add a "console" identifier to fenced code blocks which has a prompt, not "sh". Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-01-25 17:07:06 +09:00
```console
$ skopeo sync --src docker --dest docker --append-suffix '-mirror' registry.example.com/busybox my-registry.local.lan
Adds sync with tag suffix example Signed-off-by: Phil Corbett <phil@phicorb.me.uk>
2022-11-17 17:49:27 +00:00
```
Destination registry content:
```
REPO TAGS
registry.local.lan/busybox 1-glibc-mirror, 1-musl-mirror, 1-ubuntu-mirror, ..., latest-mirror
```
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
### YAML file content (used _source_ for `**--src yaml**`)
```yaml
registry.example.com:
images:
busybox: []
redis:
- "1.0"
- "2.0"
Fix #858 Add support for digests in sync Signed-off-by: Andrew DeMaria <ademaria@cloudflare.com>
2020-08-04 22:01:15 -06:00
- "sha256:0000000000000000000000000000000011111111111111111111111111111111"
Use a separate field for the "sync images with tag matching regex" feature Fields that magically change their behavior depending on type of the value are too much hassle for no benefit. For now, this just copies&pastes the full loop in imagesToCopyFromRegistry to create another loop handling the new ImagesByTagRegex field. Simplifications to reduce duplication will follow. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2020-05-22 01:00:49 +02:00
images-by-tag-regex:
nginx: ^1\.13\.[12]-alpine-perl$
add kubasobon:semver changes use single semver constraint Signed-off-by: Hussein Firas <hussein.firas@loveholidays.com> Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-01-04 10:45:27 +00:00
images-by-semver:
alpine: ">= 3.12.0"
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
credentials:
username: john
password: this is a secret
tls-verify: true
cert-dir: /home/john/certs
quay.io:
tls-verify: false
images:
coreos/etcd:
- latest
```
Add tags to support regular expressions in yaml conf add relevant test cases and documentation update the sync doc
2020-05-19 18:03:07 +08:00
If the yaml filename is `sync.yml`, sync run:
[CI:DOCS] Format manual page documents - Add a prompt to the skopeo commands. - Add a "console" identifier to fenced code blocks which has a prompt, not "sh". Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
2023-01-25 17:07:06 +09:00
```console
$ skopeo sync --src yaml --dest docker sync.yml my-registry.local.lan/repo/
Add tags to support regular expressions in yaml conf add relevant test cases and documentation update the sync doc
2020-05-19 18:03:07 +08:00
```
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
This will copy the following images:
- Repository `registry.example.com/busybox`: all images, as no tags are specified.
Fix #858 Add support for digests in sync Signed-off-by: Andrew DeMaria <ademaria@cloudflare.com>
2020-08-04 22:01:15 -06:00
- Repository `registry.example.com/redis`: images tagged "1.0" and "2.0" along with image with digest "sha256:0000000000000000000000000000000011111111111111111111111111111111".
Add tags to support regular expressions in yaml conf add relevant test cases and documentation update the sync doc
2020-05-19 18:03:07 +08:00
- Repository `registry.example.com/nginx`: images tagged "1.13.1-alpine-perl" and "1.13.2-alpine-perl".
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
- Repository `quay.io/coreos/etcd`: images tagged "latest".
add kubasobon:semver changes use single semver constraint Signed-off-by: Hussein Firas <hussein.firas@loveholidays.com> Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2024-01-04 10:45:27 +00:00
- Repository `registry.example.com/alpine`: all images with tags match the semantic version constraint ">= 3.12.0" ("3.12.0, "3.12.1", ... ,"4.0.0", ...)
The full list of possible semantic version comparisons can be found in the
upstream library's documentation:
https://github.com/Masterminds/semver/tree/v3.2.0#basic-comparisons.
Version ordering and precedence is understood as defined here:
https://semver.org/#spec-item-11.
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
For the registry `registry.example.com`, the "john"/"this is a secret" credentials are used, with server TLS certificates located at `/home/john/certs`.
Correct a typo in docs/skopeo-sync.1.md To disable TLS verification need to set "tls-verify" to "false"
2020-06-11 01:29:37 +08:00
TLS verification is normally enabled, and it can be disabled setting `tls-verify` to `false`.
Spelling Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
2020-12-21 16:10:34 -05:00
In the above example, TLS verification is enabled for `registry.example.com`, while is
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
disabled for `quay.io`.
## SEE ALSO
Update docs/skopeo-sync.1.md Co-authored-by: Miloslav Trmač <mitr@redhat.com>
2020-05-15 07:42:54 -04:00
skopeo(1), skopeo-login(1), docker-login(1), containers-auth.json(5), containers-policy.json(5), containers-transports(5)
Introduce the sync command The skopeo sync command can sync images between a SOURCE and a destination. The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry. Right now the following source/destination locations are implemented: * docker -> docker * docker-> dir * dir -> docker The dir location is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a `docker` -> `dir` sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a `dir` -> `docker` sync will import all the images into the registry serving the air-gapped environment. Notes when specifying the `--scoped` option: The image namespace is changed during the `docker` to `docker` or `dir` copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image `registry.example.com/busybox:latest` will be copied to `registry.local.lan/registry.example.com/busybox:latest`. The image namespace is not changed when doing a `dir:` -> `docker` sync operation. The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit. Signed-off-by: Flavio Castelli <fcastelli@suse.com> Co-authored-by: Marco Vedovati <mvedovati@suse.com>
2018-07-09 15:27:01 +02:00
## AUTHORS
Flavio Castelli <fcastelli@suse.com>, Marco Vedovati <mvedovati@suse.com>
Copy Permalink