Work with remote images registries - retrieving information, images, signing content

Related tags

Miscellaneous skopeo
Overview

skopeo Build Status


skopeo is a command line utility that performs various operations on container images and image repositories.

skopeo does not require the user to be running as root to do most of its operations.

skopeo does not require a daemon to be running to perform its operations.

skopeo can work with OCI images as well as the original Docker v2 images.

Skopeo works with API V2 container image registries such as docker.io and quay.io registries, private registries, local directories and local OCI-layout directories. Skopeo can perform operations which consist of:

  • Copying an image from and to various storage mechanisms. For example you can copy images from one registry to another, without requiring privilege.
  • Inspecting a remote image showing its properties including its layers, without requiring you to pull the image to the host.
  • Deleting an image from an image repository.
  • Syncing an external image repository to an internal registry for air-gapped deployments.
  • When required by the repository, skopeo can pass the appropriate credentials and certificates for authentication.

Skopeo operates on the following image and repository types:

  • containers-storage:docker-reference An image located in a local containers/storage image store. Both the location and image store are specified in /etc/containers/storage.conf. (This is the backend for Podman, CRI-O, Buildah and friends)

  • dir:path An existing local directory path storing the manifest, layer tarballs and signatures as individual files. This is a non-standardized format, primarily useful for debugging or noninvasive container inspection.

  • docker://docker-reference An image in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in $XDG_RUNTIME_DIR/containers/auth.json, which is set using skopeo login.

  • docker-archive:path[:docker-reference] An image is stored in a docker save-formatted file. docker-reference is only used when creating such a file, and it must not contain a digest.

  • docker-daemon:docker-reference An image docker-reference stored in the docker daemon internal storage. docker-reference must contain either a tag or a digest. Alternatively, when reading images, the format can also be docker-daemon:algo:digest (an image ID).

  • oci:path:tag An image tag in a directory compliant with "Open Container Image Layout Specification" at path.

Inspecting a repository

skopeo is able to inspect a repository on a container registry and fetch images layers. The inspect command fetches the repository's manifest and it is able to show you a docker inspect-like json output about a whole repository or a tag. This tool, in contrast to docker inspect, helps you gather useful information about a repository or a tag before pulling it (using disk space). The inspect command can show you which tags are available for the given repository, the labels the image has, the creation date and operating system of the image and more.

Examples:

Show properties of fedora:latest

$ skopeo inspect docker://registry.fedoraproject.org/fedora:latest
{
    "Name": "registry.fedoraproject.org/fedora",
    "Digest": "sha256:655721ff613ee766a4126cb5e0d5ae81598e1b0c3bcf7017c36c4d72cb092fe9",
    "RepoTags": [
        "24",
        "25",
        "26-modular",
	...
    ],
    "Created": "2020-04-29T06:48:16Z",
    "DockerVersion": "1.10.1",
    "Labels": {
        "license": "MIT",
        "name": "fedora",
        "vendor": "Fedora Project",
        "version": "32"
    },
    "Architecture": "amd64",
    "Os": "linux",
    "Layers": [
        "sha256:3088721d7dbf674fc0be64cd3cf00c25aab921cacf35fa0e7b1578500a3e1653"
    ],
    "Env": [
        "DISTTAG=f32container",
        "FGC=f32",
        "container=oci"
    ]
}

Show container configuration from fedora:latest

$ skopeo inspect --config docker://registry.fedoraproject.org/fedora:latest  | jq
{
  "created": "2020-04-29T06:48:16Z",
  "architecture": "amd64",
  "os": "linux",
  "config": {
    "Env": [
      "DISTTAG=f32container",
      "FGC=f32",
      "container=oci"
    ],
    "Cmd": [
      "/bin/bash"
    ],
    "Labels": {
      "license": "MIT",
      "name": "fedora",
      "vendor": "Fedora Project",
      "version": "32"
    }
  },
  "rootfs": {
    "type": "layers",
    "diff_ids": [
      "sha256:a4c0fa2b217d3fd63d51e55a6fd59432e543d499c0df2b1acd48fbe424f2ddd1"
    ]
  },
  "history": [
    {
      "created": "2020-04-29T06:48:16Z",
      "comment": "Created by Image Factory"
    }
  ]
}

Show unverified image's digest

$ skopeo inspect docker://registry.fedoraproject.org/fedora:latest | jq '.Digest'
"sha256:655721ff613ee766a4126cb5e0d5ae81598e1b0c3bcf7017c36c4d72cb092fe9"

Copying images

skopeo can copy container images between various storage mechanisms, including:

  • Container registries

    • The Quay, Docker Hub, OpenShift, GCR, Artifactory ...
  • Container Storage backends

  • Local directories

  • Local OCI-layout directories

$ skopeo copy docker://quay.io/buildah/stable docker://registry.internal.company.com/buildah
$ skopeo copy oci:busybox_ocilayout:latest dir:existingemptydirectory

Deleting images

$ skopeo delete docker://localhost:5000/imagename:latest

Syncing registries

$ skopeo sync --src docker --dest dir registry.example.com/busybox /media/usb

Authenticating to a registry

Private registries with authentication

skopeo uses credentials from the --creds (for skopeo inspect|delete) or --src-creds|--dest-creds (for skopeo copy) flags, if set; otherwise it uses configuration set by skopeo login, podman login, buildah login, or docker login.

$ skopeo login --username USER docker://myregistrydomain.com:5000
Password:
$ skopeo inspect docker://myregistrydomain.com:5000/busybox
{"Tag":"latest","Digest":"sha256:473bb2189d7b913ed7187a33d11e743fdc2f88931122a44d91a301b64419f092","RepoTags":["latest"],"Comment":"","Created":"2016-01-15T18:06:41.282540103Z","ContainerConfig":{"Hostname":"aded96b43f48","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) CMD [\"sh\"]"],"Image":"9e77fef7a1c9f989988c06620dabc4020c607885b959a2cbd7c2283c91da3e33","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"DockerVersion":"1.8.3","Author":"","Config":{"Hostname":"aded96b43f48","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["sh"],"Image":"9e77fef7a1c9f989988c06620dabc4020c607885b959a2cbd7c2283c91da3e33","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"Architecture":"amd64","Os":"linux"}
$ skopeo logout docker://myregistrydomain.com:5000

Using --creds directly

$ skopeo inspect --creds=testuser:testpassword docker://myregistrydomain.com:5000/busybox
{"Tag":"latest","Digest":"sha256:473bb2189d7b913ed7187a33d11e743fdc2f88931122a44d91a301b64419f092","RepoTags":["latest"],"Comment":"","Created":"2016-01-15T18:06:41.282540103Z","ContainerConfig":{"Hostname":"aded96b43f48","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["/bin/sh","-c","#(nop) CMD [\"sh\"]"],"Image":"9e77fef7a1c9f989988c06620dabc4020c607885b959a2cbd7c2283c91da3e33","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"DockerVersion":"1.8.3","Author":"","Config":{"Hostname":"aded96b43f48","Domainname":"","User":"","AttachStdin":false,"AttachStdout":false,"AttachStderr":false,"Tty":false,"OpenStdin":false,"StdinOnce":false,"Env":null,"Cmd":["sh"],"Image":"9e77fef7a1c9f989988c06620dabc4020c607885b959a2cbd7c2283c91da3e33","Volumes":null,"WorkingDir":"","Entrypoint":null,"OnBuild":null,"Labels":null},"Architecture":"amd64","Os":"linux"}
$ skopeo copy --src-creds=testuser:testpassword docker://myregistrydomain.com:5000/private oci:local_oci_image

Obtaining skopeo

For a detailed description how to install or build skopeo, see install.md.

Contributing

Please read the contribution guide if you want to collaborate in the project.

Commands

Command Description
skopeo-copy(1) Copy an image (manifest, filesystem layers, signatures) from one location to another.
skopeo-delete(1) Mark the image-name for later deletion by the registry's garbage collector.
skopeo-inspect(1) Return low-level information about image-name in a registry.
skopeo-list-tags(1) Return a list of tags for the transport-specific image repository.
skopeo-login(1) Login to a container registry.
skopeo-logout(1) Logout of a container registry.
skopeo-manifest-digest(1) Compute a manifest digest for a manifest-file and write it to standard output.
skopeo-standalone-sign(1) Debugging tool - Publish and sign an image in one step.
skopeo-standalone-verify(1) Verify an image signature.
skopeo-sync(1) Synchronize images between container registries and local directories.

License

skopeo is licensed under the Apache License, Version 2.0. See LICENSE for the full license text.

Comments
  • Introduce the sync command

    Introduce the sync command

    The skopeo sync command can sync images between a SOURCE and a destination.

    The purpose of this command is to assist with the mirroring of container images from different docker registries to a single docker registry.

    Right now the following transport matrix is implemented:

    • docker:// -> docker://
    • docker:// -> dir:
    • dir: -> docker://

    The dir: transport is supported to handle the use case of air-gapped environments. In this context users can perform an initial sync on a trusted machine connected to the internet; that would be a docker:// -> dir: sync. The target directory can be copied to a removable drive that can then be plugged into a node of the air-gapped environment. From there a dir: -> docker:// sync will import all the images into the registry serving the air-gapped environment.

    The image namespace is changed during the docker:// to docker:// or dir: copy. The FQDN of the registry hosting the image will be added as new root namespace of the image. For example, the image registry.example.com/busybox:latest will be copied to registry.local.lan/registry.example.com/busybox:latest.

    The image namespace is not changed when doing a dir: -> docker:// sync operation.

    The alteration of the image namespace is used to nicely scope images coming from different registries (the Docker Hub, quay.io, gcr, other registries). That allows all of them to be hosted on the same registry without incurring in clashes and making their origin explicit.

    TODO

    I hope you like this feature and the direction it's going. Once we agree on its final design we will update this PR to extend the current test suites.

    Future work

    Currently sync will keep adding missing content from SOURCE to DESTINATION. It would be nice to add a --delete flag to remove from DESTINATION contents that are no longer available inside of SOURCE. That would be a bit like rsync's--delete` flag.

    If wanted, that should be addressed with a separate PR.

    Signed-off-by: Flavio Castelli [email protected] Co-authored-by: Marco Vedovati [email protected]

    opened by flavio 77
  • use user/pass flags

    use user/pass flags

    We already use global flags for docker specific stuff. This patch enables --username and --password to be passed down to containers/image to setup docker's registries auth.

    Fixes #253

    @mtrmac @cyphar PTAL

    Signed-off-by: Antonio Murdaca [email protected]

    opened by runcom 41
  • Cirrus: Run checks directly on the host

    Cirrus: Run checks directly on the host

    In order to meet achievable deadlines converting from Travis to Cirrus CI, one significant artifact was carried forward (instead of fixing):

    Depending on a --privileged container to execute all/most automated checks/tests.

    Prior attempts to remove this aspect resulted in several test failures. Fixing the problems was viewed as more time-consuming than simply preserving this runtime environment.

    Time has passed, and the code has since moved on. This commit removes the legacy need to execute CI operations in a --privileged container, instead running them directly on the host. At the same time, the necessary test binaries are obtained from the same container used for development/local testing purposes. This ensures the two experiences are virtually always identical.

    opened by cevich 37
  • Using 'skopeo copy' to a registry that requires aws credentials return 403

    Using 'skopeo copy' to a registry that requires aws credentials return 403

    I am trying to use 'skopeo copy' to copy an image from my local registry to a different registry that I can login to using 'aws ecr get-login' command.

    After running the login command I get the credentials saved under $HOME/.docker/config.json.

    Running this: docker run -v ~/.docker:/root/.docker:Z --rm --net=host luebken/skopeo skopeo copy docker://rackattack-nas.dc1:5000/kubernetes-manager:bd6c5759f401652fc938a239b73631756b60879f_kubernetes-manager docker://registry.maestro.stratoscale.com/kubernetes-manager:bd6c5759f401652fc938a239b73631756b60879f_kubernetes-manager

    gets me this response: time="2017-08-27T14:23:27Z" level=fatal msg="Error writing blob: Error initiating layer upload to kubernetes-manager/blobs/uploads/, status 403"

    I entered the container and saw that the the config.json is where it suppose to be and was mounted correctly.

    Is there any way I can use 'skopeo copy' using aws ecr credentials?

    Thanks!

    opened by mickey-stratoscale 35
  • skopeo inspect command - introduce a way to skip querying all available tags

    skopeo inspect command - introduce a way to skip querying all available tags

    The commit in this PR introduces a new option to the inspect command which allows users to specify whether they want to disable querying and displaying all available tags for the image being inspected. This has been requested in https://github.com/containers/skopeo/issues/785

    The new option is --query-tags which defaults to true (to preserve backward compatibility) and is an optional optional. When set to --query-tags=false the implementation skips querying the tags for the repository and the displayed output will contain an empty RepoTags[] property:

    {
        "Name": "docker.io/library/python",
        "Digest": "sha256:5ca194a80ddff913ea49c8154f38da66a41d2b73028c5cf7e46bc3c1d6fda572",
        "RepoTags": [],
        ...
    

    I couldn't find existing tests for this command so I haven't updated/added any. However, I've run a bunch of manual tests (with --query-tags=false, with --query-tags, with --query-tags=true, without --query-tags) and they all have gone fine.

    Additionally, from a performance point of view, when not using or when not setting this to false and doing an inspect on a image which is expected to have a large number of tags (for example docker.io/library/python) results in a very noticable and big improvement. For example, the following command without this new option returns in around 15-16 seconds consistently (and displays all available tags):

    time bin/skopeo inspect   --override-arch=amd64 --override-os=linux docker://docker.io/library/python
    ....
    real	0m15.884s
    user	0m0.173s
    sys	0m0.131s
    

    Whereas when run with --query-tags=false for the same image, it returns consistently in around 8-9 seconds (of course with RepoTags: []):

    time bin/skopeo inspect --query-tags=false  --override-arch=amd64 --override-os=linux docker://docker.io/library/python
    ...
    
    real    0m8.444s
    user    0m0.153s
    sys 0m0.120s
    
    opened by jaikiran 34
  • skopeo inspect: a way how to avoid fetching all tags from repository

    skopeo inspect: a way how to avoid fetching all tags from repository

    Hello,

    in our use cases we need to get only information about image, like labels, but we don't need all repoTags. We have repositories with many tags (1700+) and it is resource consuming to get all tags from registry and just drop that.

    Could you please provide a way how to avoid fetching repotags?

    Thank you

    stale-issue 
    opened by MartinBasti 33
  • Image format docker-archive is not equivalent to docker save

    Image format docker-archive is not equivalent to docker save

    The format of an image copied from the Docker Hub to docker-archive://my-image is not what is produced by docker save. docker save produces a image that follows this spec. Basically, the image layout is such as:

    ├── 47bcc53f74dc94b1920f0b34f6036096526296767650f223433fe65c35f149eb.json
    ├── 5f29f704785248ddb9d06b90a11b5ea36c534865e9035e4022bb2e71d4ecbb9a
    │   ├── VERSION
    │   ├── json
    │   └── layer.tar
    ├── a65da33792c5187473faa80fa3e1b975acba06712852d1dea860692ccddf3198
    │   ├── VERSION
    │   ├── json
    │   └── layer.tar
    ├── manifest.json
    └── repositories
    

    While the format of the image produced by Skopeo only contains tar.gz file and a manifest.json such as:

    sha256:5a132a7e7af11f304041e93efb9cb2a0a7839bccaec5a03cfbdc9a3f5d0eb481
    sha256:fd2731e4c50ce221d785d4ce26a8430bca9a95bfe4162fafc997a1cc65682cce
    sha256:28a2f68d1120598986362662445c47dce7ec13c2662479e7aab9f0ecad4a7416
    sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
    sha256:07c86167cdc4264926fa5d2894e34a339ad27f730e8cc81a16cd21b7479e8eac
    manifest.json
    

    What is this format? Is there a spec somewhere? Or would it be possible to be compliant with docker save ?

    opened by nlewo 32
  • Consider distributing statically built binaries as part of release

    Consider distributing statically built binaries as part of release

    Currently if you're not using Fedora, you're kinda outta luck and you have to build from source. When I see a project written in Go, it's sad to see it just cannot be built directly with go tool, or doesn't offer binary builds.

    Travis CI can attach binaries to your releases. For example: https://github.com/ahmetb/govvv/releases

    You can use https://github.com/mitchellh/gox to provide cross platform builds in your travis build or so.

    Please consider distributing binary builds.

    good first issue kind/feature 
    opened by ahmetb 31
  • Cirrus: Use updated VM images

    Cirrus: Use updated VM images

    Mainly this is to confirm some changes needed for the podman-py CI setup don't disrupt operations here. Ref:

    https://github.com/containers/automation_images/pull/111

    Signed-off-by: Chris Evich [email protected]

    opened by cevich 29
  • Support namespaced logins for quay.io

    Support namespaced logins for quay.io

    Service accounts (a.k.a. robots) in quay.io are forcably namespaced to the user or orginization under which they are created. Therefore, it is impossible to use a common login/password to push images for both skopeo and containers namespaces. Worse, because the authentication is recorded against quay.io, multiple login sessions are required.

    Fix this by adding a function definition which verifies non-empty username/password arguments, before logging in. Call this function as needed from relevant targets, prior to pushing images.

    Signed-off-by: Chris Evich [email protected]

    opened by cevich 28
  • Add skopeo rpm spec file to contrib

    Add skopeo rpm spec file to contrib

    Adding skopeo spec file to repo to provide public access to files required to build rpm. Location in repo follows buildah's existing convention/location.

    Spec file is from the srpm from the following repo with the commitid changed to REPLACEWITHCOMMITID to match buildah .spec convention: https://cbs.centos.org/repos/virt7-container-common-candidate/source/SRPMS/

    Please advise if there is an updated version available or if there is an alternate location to access the spec.

    Signed-off-by: pixdrift [email protected]

    opened by pixdrift 28
  • [release-1.4] [CI:BUILD] Cirrus: Migrate OSX task to M1

    [release-1.4] [CI:BUILD] Cirrus: Migrate OSX task to M1

    Migrate our OSX build to a M1 instance, since Cirrus is sunsetting Intel-based macOS instances.

    Signed-off-by: Ashley Cui [email protected] (cherry picked from commit b5ac534960bd4188f7fd847cec3225f55714abc4) Signed-off-by: Lokesh Mandvekar [email protected]

    bug 
    opened by lsm5 11
  • Add `--mountns` or equivalent

    Add `--mountns` or equivalent

    For a use case I have, I'd like to execute a skopeo binary from inside a container image, but have it fetch data from containers-storage: which requires entering the host mount namespace.

    Several low-level commands have gradually gained support for calling setns(); e.g. there's now mount -N: -N, --namespace <ns> perform mount in another namespace.

    The key benefit of this is that it's performed after dynamic linking is done, so assuming no further external binaries are run it avoids a host dependency.

    But a general well known problem with setns() and Go is that the runtime will happily spawn threads in the background to service goroutines which may not propagate the namespace.

    I came across https://cs.github.com/containers/podman/blob/864288b8dabbe3eb89854b737cc7fbd93077aa1e/libpod/container_copy_linux.go?q=org%3Acontainers+setns+lang%3Ago#L17 which seems related.

    Thinking about this, I wonder if we could add support to containers/storage for having it take an explicit mount namespace and perform operations there?

    (I tried the below code, which worked for skopeo inspect --mount-namespace 1 containers-storage:docker.io/library/busybox but skopeo copy --mount-namespace 1 containers-storage:docker.io/library/busybox oci:/tmp/busybox fails trying to access some files, I think because the accesses are running on threads spawned before we were able to unshare...so to do this right we'd need to have the main entrypoint be either C or Rust)

    diff --git a/cmd/skopeo/main.go b/cmd/skopeo/main.go
    index 3f8a9621..af8132c8 100644
    --- a/cmd/skopeo/main.go
    +++ b/cmd/skopeo/main.go
    @@ -3,6 +3,7 @@ package main
     import (
     	"context"
     	"fmt"
    +	"os"
     	"strings"
     	"time"
     
    @@ -13,6 +14,7 @@ import (
     	"github.com/containers/storage/pkg/reexec"
     	"github.com/sirupsen/logrus"
     	"github.com/spf13/cobra"
    +	"golang.org/x/sys/unix"
     )
     
     // gitCommit will be the hash that the binary was built from
    @@ -27,6 +29,7 @@ type globalOptions struct {
     	policyPath         string                  // Path to a signature verification policy file
     	insecurePolicy     bool                    // Use an "allow everything" signature verification policy
     	registriesDirPath  string                  // Path to a "registries.d" registry configuration directory
    +	mountns            string                  // PID or path to specified mount namespace
     	overrideArch       string                  // Architecture to use for choosing images, instead of the runtime one
     	overrideOS         string                  // OS to use for choosing images, instead of the runtime one
     	overrideVariant    string                  // Architecture variant to use for choosing images, instead of the runtime one
    @@ -83,6 +86,7 @@ func createApp() (*cobra.Command, *globalOptions) {
     	rootCommand.PersistentFlags().BoolVar(&opts.debug, "debug", false, "enable debug output")
     	rootCommand.PersistentFlags().StringVar(&opts.policyPath, "policy", "", "Path to a trust policy file")
     	rootCommand.PersistentFlags().BoolVar(&opts.insecurePolicy, "insecure-policy", false, "run the tool without any policy check")
    +	rootCommand.PersistentFlags().StringVar(&opts.mountns, "mount-namespace", "", "Enter target mount namespace, specified via PID or magic link /proc/<pid>/ns/mnt")
     	rootCommand.PersistentFlags().StringVar(&opts.registriesDirPath, "registries.d", "", "use registry configuration files in `DIR` (e.g. for container signature storage)")
     	rootCommand.PersistentFlags().StringVar(&opts.overrideArch, "override-arch", "", "use `ARCH` instead of the architecture of the machine for choosing images")
     	rootCommand.PersistentFlags().StringVar(&opts.overrideOS, "override-os", "", "use `OS` instead of the running OS for choosing images")
    @@ -121,6 +125,25 @@ func (opts *globalOptions) before(cmd *cobra.Command) error {
     	if opts.tlsVerify.Present() {
     		logrus.Warn("'--tls-verify' is deprecated, please set this on the specific subcommand")
     	}
    +	if opts.mountns != "" {
    +		if !strings.HasPrefix(opts.mountns, "/") {
    +			opts.mountns = fmt.Sprintf("/proc/%s/ns/mnt", opts.mountns)
    +		}
    +
    +		// AIUI, we need to unshare() because the process is already threaded
    +		if err := unix.Unshare(unix.CLONE_NEWNS); err != nil {
    +			return fmt.Errorf("failed to unshare mount namespace: %w", err)
    +		}
    +		fd, err := os.Open(opts.mountns)
    +		if err != nil {
    +			return err
    +		}
    +		defer fd.Close()
    +
    +		if err := unix.Setns(int(fd.Fd()), unix.CLONE_NEWNS); err != nil {
    +			return fmt.Errorf("failed to enter mount namespace: %w", err)
    +		}
    +	}
     	return nil
     }
     
    
    enhancement 
    opened by cgwalters 2
  • fix(deps): update module gopkg.in/yaml.v2 to v3

    fix(deps): update module gopkg.in/yaml.v2 to v3

    Mend Renovate

    This PR contains the following updates:

    | Package | Type | Update | Change | |---|---|---|---| | gopkg.in/yaml.v2 | require | major | v2.4.0 -> v3.0.1 |


    Release Notes

    go-yaml/yaml

    v3.0.1

    Compare Source

    v3.0.0

    Compare Source


    Configuration

    📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

    🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

    Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

    🔕 Ignore: Close this PR and you won't be reminded about this update again.


    • [ ] If you want to rebase/retry this PR, check this box

    This PR has been generated by Mend Renovate. View repository job log here.

    dependencies 
    opened by renovate[bot] 0
  • skopeo copy multi-arch manifest from local containers-storage to private registry not working

    skopeo copy multi-arch manifest from local containers-storage to private registry not working

    $ podman images nodeimage

    REPOSITORY TAG IMAGE ID CREATED SIZE localhost/nodeimage 9.arm64 95d9fe375ed3 17 hours ago 888 MB localhost/nodeimage 9.amd64 a523734ebdb1 17 hours ago 864 MB localhost/nodeimage 9 410c25c08493 17 hours ago 1.09 kB

    $ podman inspect localhost/nodeimage:9.arm64|grep Digest

          "Digest": "sha256:6db6e95b26c56459ffd63539e8f7b1418d15a8ba35e979bd61374779c20b80d3",
    

    $ podman inspect localhost/nodeimage:9.amd64|grep Digest

          "Digest": "sha256:e4cb67eb7189c6d7e02d7f394f3d28ea50af723ea853b984618b57d96aba4940",
    

    $ podman manifest inspect localhost/nodeimage:9|grep sha256

            "digest": "sha256:e4cb67eb7189c6d7e02d7f394f3d28ea50af723ea853b984618b57d96aba4940",
    
            "digest": "sha256:6db6e95b26c56459ffd63539e8f7b1418d15a8ba35e979bd61374779c20b80d3",
    

    $ podman manifest inspect localhost/nodeimage:9

    { "schemaVersion": 2, "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json", "manifests": [ { "mediaType": "application/vnd.oci.image.manifest.v1+json", "size": 1682, "digest": "sha256:e4cb67eb7189c6d7e02d7f394f3d28ea50af723ea853b984618b57d96aba4940", "platform": { "architecture": "amd64", "os": "linux" } }, { "mediaType": "application/vnd.oci.image.manifest.v1+json", "size": 1682, "digest": "sha256:6db6e95b26c56459ffd63539e8f7b1418d15a8ba35e979bd61374779c20b80d3", "platform": { "architecture": "arm64", "os": "linux", "variant": "v8" } } ] }

    $ skopeo --debug copy --dest-registry-token $gcr_auth_token containers-storage:localhost/nodeimage:9 docker://us.gcr.io/localhost/nodeimage:9 --multi-arch all

    DEBU[0000] [graphdriver] trying provided driver "overlay"

    DEBU[0000] Cached value indicated that overlay is supported

    DEBU[0000] Cached value indicated that overlay is supported

    DEBU[0000] Cached value indicated that metacopy is being used

    DEBU[0000] Cached value indicated that native-diff is not being used

    INFO[0000] Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled

    DEBU[0000] backingFs=xfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=true

    DEBU[0000] parsed reference into "[[email protected]/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on]localhost/nodeimage:9"

    DEBU[0000] Using registries.d directory /etc/containers/registries.d

    DEBU[0000] Loading registries configuration "/etc/containers/registries.conf"

    DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/000-shortnames.conf"

    DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/001-rhel-shortnames.conf"

    DEBU[0000] Loading registries configuration "/etc/containers/registries.conf.d/002-rhel-shortnames-overrides.conf"

    DEBU[0000] Found credentials for us.gcr.io/localhost/nodeimage in credential helper containers-auth.json in file /run/user/0/containers/auth.json

    DEBU[0000] Lookaside configuration: using "default-docker" configuration

    DEBU[0000] Using "sigstore-staging" file:///var/lib/containers/sigstore

    DEBU[0000] Looking for TLS certificates and private keys in /etc/docker/certs.d/us.gcr.io

    DEBU[0000] Sigstore attachments: using "default-docker" configuration

    DEBU[0000] Using blob info cache at /var/lib/containers/cache/blob-info-cache-v1.boltdb

    DEBU[0000] Source is a manifest list; copying all instances

    Getting image list signatures

    DEBU[0000] Manifest list has MIME type application/vnd.oci.image.index.v1+json, ordered candidate list [application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json, application/vnd.oci.image.index.v1+json, application/vnd.docker.distribution.manifest.list.v2+json, application/vnd.docker.distribution.manifest.v1+prettyjws, application/vnd.docker.distribution.manifest.v1+json]

    DEBU[0000] ... will use the original manifest list type, and then try [application/vnd.docker.distribution.manifest.list.v2+json]

    Copying 2 of 2 images in list

    DEBU[0000] Copying instance sha256:e4cb67eb7189c6d7e02d7f394f3d28ea50af723ea853b984618b57d96aba4940 (1/2) Copying image sha256:e4cb67eb7189c6d7e02d7f394f3d28ea50af723ea853b984618b57d96aba4940 (1/2)

    FATA[0000] copying image 1/2 from manifest list: determining manifest MIME type for containers-storage:[[email protected]/var/lib/containers/storage+/run/containers/storage:overlay.mountopt=nodev,metacopy=on]localhost/nodeimage:[email protected]ea: reading manifest for image instance "sha256:e4cb67eb7189c6d7e02d7f394f3d28ea50af723ea853b984618b57d96aba4940": locating item named "manifest-sha256:e4cb67eb7189c6d7e02d7f394f3d28ea50af723ea853b984618b57d96aba4940" for image with ID "410c25c084931697396bd851fb1c726d1d7d8cfb7de98c91ed1bd10e8b3226ea" (consider removing the image to resolve the issue): file does not exist

    opened by prashant0810 1
  • proxy: Add `OpenImageWithRequiredSignatures`

    proxy: Add `OpenImageWithRequiredSignatures`

    In the bootc/ostree-container effort, I am trying to enforce signatures being enabled by default. The thing is, we kind of say that e.g. podman run <some image from docker hub or whatever> is "secure" - in the sense I'm using the word, we can and do fix security problems we find (mostly in the kernel) in a relatively timely fashion.

    But booting a container (or running with --privileged as well as some more subtle options) completely change that.

    As part of the proxy, I'd like to add an OpenImageWithRequiredSignatures API that requires that the remote image is signed in some way configured in containers-policy.json - IOW that the policy for fetching the image does not fall through to insecureAcceptAnything.

    (I think it would make sense to also add podman pull --sigpolicy=required or so)

    When I looked at this, it seemed feasible but would require some changes in c/image. Let me know if you have any thoughts.

    enhancement 
    opened by cgwalters 4
Releases(v1.9.3)
  • v1.9.3(Oct 19, 2022)

  • v1.10.0(Oct 1, 2022)

    skopeo inspect now provides more information about individual layers.

    The default /etc/containers/registries.d/default.yaml now has all entries commented-out, to use built-in defaults; that can change the default for lookaside-staging to use an unprivileged users’ home directory instead of a path in /var/.

    • GHA: Re-use identical workflow from buildah repo
    • Optimize upstream skopeo container image build
    • Fix running tests on macOS
    • Reformat with Go 1.19's gofmt
    • Fix a comment
    • Fix looking for commands with GNU make 4.2.1
    • Talk about "registry repositories" in (skopeo sync) documentation
    • Point at --all in the --preserve-digests option documentation
    • Remove unused GIT_BRANCH definition
    • Don't include git commit from a parent directory in the --version output
    • Update for c/image's update of github.com/gobuffalo/pop
    • Merge pull request https://github.com/containers/skopeo/pull/1737 from mtrmac/pop-v5-override
    • Stop using docker/docker/pkg/homedir in tests
    • add inspect layersData
    • Don't abort sync if the registry returns invalid tags
    • warn users about --dest-compress and --dest-decompress misuse
    • document imageDestOptions.warnAboutIneffectiveOptions()
    • warn about ineffective destination opts in sync cmd
    • default.yaml should have all options commented
    • Fix documentation in the default registries.d content.
    • [CI:DOCS] Add quay-description update reminder
    • Revert addition of -compat=1.17 to (go mod tidy)
    • Update for https://github.com/klauspost/pgzip/pull/50
    Source code(tar.gz)
    Source code(zip)
  • v1.9.2(Aug 2, 2022)

    • [CI:DOCS] Cirrus: Use the latest imgts container
    • Cirrus: Update CI VM images to match podman CI
    • Bump github.com/containers/common from 0.49.0 to 0.49.1
    Source code(tar.gz)
    Source code(zip)
  • v1.9.1(Jul 25, 2022)

    • Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
    • Bump github.com/containers/storage from 1.41.0 to 1.42.0
    • Update to github.com/containers/image/v5 v5.22.0
    • Update to github.com/containers/common v0.49.0
    • Stop using deprecated names from c/common/pkg/retry
    Source code(tar.gz)
    Source code(zip)
  • v1.9.0(Jul 13, 2022)

    Adds support for copying non-image OCI artifacts, and for creating and enforcing sigstore signatures.

    Shell autocompletions are now auto-generated, adding support for zsh, fish and PowerShell.

    Now requires Go 1.17.

    • Bump github.com/docker/docker
    • Config files live in /usr/local/etc on FreeBSD
    • Avoid hard-coding the location of bash
    • Bump github.com/containers/storage from 1.40.2 to 1.41.0
    • Bump github.com/docker/docker
    • add completion command to generate shell completion scripts
    • Remove cgo_pthread_ordering_workaround.go
    • Update c/image
    • Stop calling gpgme-config
    • shell completion: add Makefile target
    • shell completion: add install instructions docs
    • shell completion: add completion for transports names
    • [CI:DOCS] Pin actions to a full length commit SHA
    • Updated skopeo logo with new artwork
    • Update to gopkg.in/yaml.v3 v3.0.0
    • fix make completions for all POSIX shells
    • Update to github.com/opencontainers/runc >= 1.1.2
    • Cirrus: use Ubuntu 22.04 LTS
    • Bump github.com/containers/ocicrypt from 1.1.4 to 1.1.5
    • Bump github.com/stretchr/testify from 1.7.1 to 1.7.2
    • Bump github.com/docker/docker
    • Update go.mod to Go 1.17
    • Use testing.T.Setenv instead of os.Setenv in tests
    • Change a repo used for sync tests
    • Use an updated CI image
    • Update for docker/distribution CLI change
    • Enable schema1 support on the test registries
    • CoPR: Autobuild rpm on rhcontainerbot/podman-next
    • [CI:DOCS] Makefile: include cautionary note for rpm target
    • [CI:DOCS] skopeo.spec.rpkg: Fix syntax highlighting
    • Bump github.com/spf13/cobra from 1.4.0 to 1.5.0
    • Bump github.com/stretchr/testify from 1.7.2 to 1.7.4
    • Bump github.com/stretchr/testify from 1.7.4 to 1.7.5
    • Cirrus: Migrate multiarch build off github actions
    • Update & fix skopeo multiarch image Containerfiles
    • Use bytes.ReplaceAll instead of bytes.Replace(..., -1)
    • Update IRC information
    • Bump github.com/stretchr/testify from 1.7.5 to 1.8.0
    • Introduce noteCloseFailure, use it for reporting of cleanup errors
    • Modify error messages on failures to close
    • Remove uses of pkg/errors
    • Use errors.As() instead of direct type checks
    • Vendor unreleased c/image with OCI artifact support
    • Revert "Change a repo used for sync tests"
    • Vendor in c/image with sigstore support
    • Add --sign-by-sigstore-private-key to (skopeo copy) and (skopeo sync)
    • Update for the renames of sigstore to lookaside
    Source code(tar.gz)
    Source code(zip)
  • v1.8.0(May 7, 2022)

    What's Changed

    • v1.7.0 by @mtrmac in https://github.com/containers/skopeo/pull/1606
    • Update skopeoimage/README.md that tags are v-prefixed by @glensc in https://github.com/containers/skopeo/pull/1607
    • Add dry-run mode to skopeo-sync by @rhatdan in https://github.com/containers/skopeo/pull/1608
    • delete non-existent option in the cmdline example by @masatake in https://github.com/containers/skopeo/pull/1611
    • Add option to specify the identity for signing by @Jamstah in https://github.com/containers/skopeo/pull/1610
    • Update to benefit from Go 1.16 by @mtrmac in https://github.com/containers/skopeo/pull/1621
    • Improve the (skopeo delete) man page by @mtrmac in https://github.com/containers/skopeo/pull/1597
    • Update vendor of containers/(common,storage,image) by @rhatdan in https://github.com/containers/skopeo/pull/1626
    • Cirrus: Update to F36 w/ netavark+aardvark-dns by @cevich in https://github.com/containers/skopeo/pull/1631
    • [CI:DOCS] install.md: remove Kubic package info for Ubuntu by @lsm5 in https://github.com/containers/skopeo/pull/1632
    • [CI:DOCS] install.md: include distro package info links by @lsm5 in https://github.com/containers/skopeo/pull/1633
    • Vendor in containers/(common, storage, image) by @rhatdan in https://github.com/containers/skopeo/pull/1635
    • Vendor in containers/storage v1.40.2 by @rhatdan in https://github.com/containers/skopeo/pull/1636

    New Contributors

    • @glensc made their first contribution in https://github.com/containers/skopeo/pull/1607
    • @masatake made their first contribution in https://github.com/containers/skopeo/pull/1611

    Full Changelog: https://github.com/containers/skopeo/compare/v1.7.0...v1.8.0

    Source code(tar.gz)
    Source code(zip)
  • v1.6.2(Apr 1, 2022)

  • v1.7.0(Mar 24, 2022)

    skopeo list-tags docker-archive:… is now available.

    • Improve a comment in the 010-inspect.bats test
    • do not recommend upgrading all packages
    • Bump github.com/containers/image/v5 from 5.19.1 to 5.20.0
    • Update github.com/containerd/containerd
    • Bump github.com/docker/docker
    • Bump github.com/spf13/cobra from 1.3.0 to 1.4.0
    • Add support for docker-archive: to skopeo list-tags
    • Rename "self" receiver
    • Remove assignments to an unused variable
    • Add various missing error handling
    • Simplify the proxy server a bit
    • Bump github.com/stretchr/testify from 1.7.0 to 1.7.1
    • Use assert.ErrorContains
    • Update to Go 1.14 and revendor
    • Use check.C.MkDir() instead of manual ioutil.TempDir() calls
    • Formally record that we require Go 1.15
    • Update the command to install golint
    • Bump github.com/containers/ocicrypt from 1.1.2 to 1.1.3
    • Bump github.com/docker/docker
    • Bump github.com/containers/storage from 1.38.2 to 1.39.0
    • Bump github.com/containers/common from 0.47.4 to 0.47.5
    • Bump github.com/prometheus/client_golang to v1.11.1
    Source code(tar.gz)
    Source code(zip)
  • v1.6.1(Feb 16, 2022)

    What's Changed

    • Release v1.6.0 by @mtrmac in https://github.com/containers/skopeo/pull/1561
    • tests: skip sif test on RHEL by @edsantiago in https://github.com/containers/skopeo/pull/1564
    • Bump c/common to v0.47.4 by @TomSweeneyRedHat in https://github.com/containers/skopeo/pull/1565
    • Cirrus: Use updated VM images by @cevich in https://github.com/containers/skopeo/pull/1558
    • Don't expect the config blob to be listed in (skopeo inspect) by @mtrmac in https://github.com/containers/skopeo/pull/1572
    • Resolved workaround by @mtrmac in https://github.com/containers/skopeo/pull/1568

    Full Changelog: https://github.com/containers/skopeo/compare/v1.6.0...v1.6.1

    Source code(tar.gz)
    Source code(zip)
  • v1.6.0(Feb 2, 2022)

    Highlights:

    • A new sif: transport
    • New options --multi-arch, --preserve-digests, --sign-passphrase-file

    • Use a dynamic temp dir for test
    • Add an option to allow copying image indexes alone
    • proxy: Add a GetFullConfig method
    • proxy: Also bump compatible semver
    • Add option to preserve digests on copy
    • Run codespell on code
    • prompt-less signing via passphrase file
    • add a SIF systemtest
    • Merge pull request #1550 from vrothberg/sif-test
    • Improve the documentation of the argument to (skopeo inspect)
    • Document where various fields of (skopeo inspect) come from
    • Improve the documentation of boolean flags
    Source code(tar.gz)
    Source code(zip)
  • v1.5.2(Nov 26, 2021)

    What's Changed

    Includes a fix for CVE-2021-41190 / GHSA-77vh-xpmg-72qh .

    • use fedora:latest in contrib/skopeoimage/*/Dockerfile
    • Fix test bug that prevented useful diagnostics on registry fail
    • proxy: Add an API to fetch the config upconverted to OCI
    • proxy: Add support for manifest lists
    • proxy: Uncapitalize all errors
    • Cirrus: Bump Fedora to release 35 & Ubuntu to 21.10
    • Update to c/image v5.17.0

    Full Changelog: https://github.com/containers/skopeo/compare/v1.5.1...v1.5.2

    Source code(tar.gz)
    Source code(zip)
  • v1.5.1(Nov 4, 2021)

    What's Changed

    • Bump to v1.5.1
    • main: Error out if an unrecognized subcommand is provided
    • move optional-flag code to c/common/pkg/flag
    • Add --dest-precompute-digests option for docker
    • bump containers/image to 2541165
    • Add instructions to generate static binaries
    • Add new experimental-image-proxy hidden command
    • issue#785 inspect command - introduce a way to skip querying available tags for an image
    • Document container images as an alternative to installing packages
    • Introduce --username and --password to pass credentials
    • Move to v1.5.1-dev

    Full Changelog: https://github.com/containers/skopeo/compare/v1.5.0...v1.5.1

    Source code(tar.gz)
    Source code(zip)
  • v1.5.0(Oct 6, 2021)

    What's Changed

    • Bump github.com/docker/docker from 20.10.7+incompatible to 20.10.8+incompatible by @dependabot in https://github.com/containers/skopeo/pull/1404
    • [CI:DOCS] Github: Add workflow to monitor Cirrus-Cron builds by @cevich in https://github.com/containers/skopeo/pull/1405
    • Cirrus: Run checks directly on the host by @cevich in https://github.com/containers/skopeo/pull/1334
    • systemtests: if registry times out, show container logs by @edsantiago in https://github.com/containers/skopeo/pull/1413
    • Add codespell fixes by @rhatdan in https://github.com/containers/skopeo/pull/1414
    • [CI:DOCS] Add OWNERS file by @rhatdan in https://github.com/containers/skopeo/pull/1420
    • Update non-module dependencies by @mtrmac in https://github.com/containers/skopeo/pull/1428
    • Run (gofmt -s -w) by @mtrmac in https://github.com/containers/skopeo/pull/1427
    • Bump github.com/containers/storage from 1.33.1 to 1.37.0 by @dependabot in https://github.com/containers/skopeo/pull/1439
    • Introduce DISABLE_DOCS to skip doc generation while building from source by @jaikiran in https://github.com/containers/skopeo/pull/1443
    • Update VM Images + Drop prior-ubuntu references by @cevich in https://github.com/containers/skopeo/pull/1444
    • Update to github.com/vbauerster/mpb v7.1.5 by @mtrmac in https://github.com/containers/skopeo/pull/1455
    • Remove the extra (defaults to true) help msg by @rhatdan in https://github.com/containers/skopeo/pull/1431
    • Bump github.com/containers/common from 0.42.0 to 0.46.0 by @dependabot in https://github.com/containers/skopeo/pull/1462
    • drop nix support by @lsm5 in https://github.com/containers/skopeo/pull/1463
    • Update installation doc with latest steps by @lsm5 in https://github.com/containers/skopeo/pull/1464
    • Introduce a --ignore option to allow "sync" command to continue syncing even after a particular image sync fails by @jaikiran in https://github.com/containers/skopeo/pull/1468
    • Update github.com/containerd/containerd to v1.5.7 by @mtrmac in https://github.com/containers/skopeo/pull/1472
    • Remove leftover Nix packaging files by @mtrmac in https://github.com/containers/skopeo/pull/1473
    • Bump github.com/docker/docker from 20.10.8+incompatible to 20.10.9+incompatible by @dependabot in https://github.com/containers/skopeo/pull/1471
    • Bump github.com/containers/image/v5 from 5.15.0 to 5.16.1 by @dependabot in https://github.com/containers/skopeo/pull/1474

    Full Changelog: https://github.com/containers/skopeo/compare/v1.4.0...v1.5.0

    Source code(tar.gz)
    Source code(zip)
  • v1.4.1(Aug 20, 2021)

    • [release-1.4] Bump to v1.4.1
    • [release-1.4] Bump c/image 5.15.2 c/storage 1.34.1 c/common 0.42.1
    • [release-1.4] Bump c/storage 1.34.0, c/image 5.15.1 and c/common 0.43.0
    Source code(tar.gz)
    Source code(zip)
  • v1.4.0(Aug 2, 2021)

    • vendor-in-container: update to golang:1.16
    • Accept repositories on login/logout
    • update c/common, c/image, c/storage
    • Update on Building on Ubuntu
    • Add timeouts when waiting on OpenShift or the registry to start
    • Add docs and bash completions
    • Add support for decompressing while copying to dir://
    • Update to enabled containers/image version
    • Fix two instances of unused err found by go-staticcheck
    • Bump github.com/containers/storage from 1.32.6 to 1.33.0
    • Multi-arch image build: Daily version-tag push
    • CONTRIBUTING: small fixes to commands
    • Fix --tls-verify
    • Test both imageOptions and imageDestOptions in TestTLSVerifyFlags
    • Split testing of --tls-verify into separate TestTLSVerifyFlags
    • Add the --tls-verify option to (skopeo logout)
    • Fix using images from rate-limited docker hub
    • Use Fedora container for doccheck
    • Man page validation: part 2 of 2
    • docs: Adding info re container signatures
    • [CI:DOCS] Multi-arch image workflow: Make steps generic
    • Update nix pin with make nixpkgs
    • Cirrus: Freshen CI images
    • Bump github.com/containers/common from 0.40.1 to 0.41.0
    • Bump github.com/containers/storage from 1.32.5 to 1.32.6
    • Remove an unnecessary break
    • Remove an unnecessary Sprintf
    • Fix TestDockerRepositoryReferenceParser
    • Remove unused code
    • Set cobra.Command.CompletionOption already in createApp
    • Bump version to v1.4.0-dev
    • Revert "integration tests: disable ls for logs"
    • CONTRIBUTING: update vendoring instructions
    • disable completion command
    • Bump github.com/spf13/cobra from 1.2.0 to 1.2.1
    • Bump github.com/spf13/cobra from 1.1.3 to 1.2.0
    • Update tests for removal of error and Error from error messages
    • Fix some comments in man-page-checker
    • Improve the description of (skopeo list-tags)
    • Include the mandatory --output option in synopsis of (skopeo standalone-sign)
    • Support non-replaceable strings in synopsis
    • Use (make validate-local) in the validate target
    • man page checker - part 1 of 2
    • Cirrus: Rename cross -> osx task, add cross task.
    • Bump github.com/containers/ocicrypt from 1.1.1 to 1.1.2
    • Cirrus: Add vendor + tree status check
    • Run unit tests as well, not integration tests twice
    • Bump github.com/containers/storage from 1.32.4 to 1.32.5
    • Reintroduce the GNU semantics of DESTDIR
    • Add --retry-times to markdown docs
    • Workaround quay.io image build failure
    • Update brew to avoid 403 on accessing https://homebrew.bintray.com
    • Fix automation re: master->main rename
    • Bump github.com/containers/storage from 1.32.3 to 1.32.4
    • Bump github.com/containers/common from 0.40.0 to 0.40.1
    • Bump github.com/containers/storage from 1.32.2 to 1.32.3
    • Bump github.com/containers/image/v5 from 5.13.1 to 5.13.2
    • Fix documentation of the --format option of skopeo copy and skopeo sync
    • Bump github.com/containers/common from 0.39.0 to 0.40.0
    • Cirrus: New VM Images w/ podman 3.2.1
    • Bump github.com/containers/image/v5 from 5.12.0 to 5.13.1
    • Update nix pin with make nixpkgs
    • Fix multi-arch build version check
    • [CI:DOCS] Fix docs links due to branch rename
    • Bump github.com/containers/storage from 1.32.1 to 1.32.2
    • Update nix pin with make nixpkgs
    • Bump github.com/docker/docker
    • Fix wrong directory name
    • Support [CI:DOCS] mode
    • install.md Building Docs needs MacOS section
    • Bump github.com/containers/storage from 1.32.0 to 1.32.1
    • Bump github.com/containers/common from 0.38.4 to 0.39.0
    • Multi-arch github-action workflow unification
    • Bump github.com/containers/storage from 1.31.1 to 1.31.2
    • Move to v1.3.1-dev
    Source code(tar.gz)
    Source code(zip)
  • v1.3.1(Jun 29, 2021)

  • v1.3.0(May 19, 2021)

    Add the missing import and a gitignore entry for bin
    Added `format` parameter to `sync` command
    Bump github.com/containers/common from 0.36.0 to 0.38.4
    Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
    Bump github.com/containers/storage from 1.30.0 to 1.30.1
    Cirrus: Improve test synchronization with c/image
    Fix typos in docstrings
    Makefile: Ensure policy.json uses new variable
    Remove older distro docs
    Travis -> Cirrus: MacOS Cross test
    Travis -> Cirrus: validate, vendor, and test
    Update F34beta -> F34 and U2010 -> U2104
    Update nix pin with `make nixpkgs`
    Upgrade to GitHub-native Dependabot
    copy: Add --digestfile
    
    Source code(tar.gz)
    Source code(zip)
  • v1.2.3(Apr 15, 2021)

    020-copy.bats: check that we set the manifest type correctly
    Add local integration and system test targets
    Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0
    Bump github.com/gogo/protobuf/proto to v1.3.2
    Bump github.com/spf13/cobra from 1.1.1 to 1.1.2
    Bump github.com/stretchr/testify from 1.6.1 to 1.7.0
    Bump skopoeoimage Dockerfiles to user Fedora 33
    Cirrus: Add hack/get_ci_vm.sh support
    Cirrus: Initial implementation support for GCP VMs
    Cirrus: Update to use F34beta VM images
    Dockerfile.build: switch to fedora:latest
    Enable 'OptimizeDestinationImageAlreadyExists' feature
    Fix Makefile to handle PREFIX correctly
    Fix Makefile to handle PREFIX correctly
    Fix for login / logout registry argument
    Fix skipping tests in test container
    Migrate tests from docker.io
    Rebase against master and improve comment about gpgme-config
    Set User-Agent to skopeo/$VERSION
    Update github.com/containers/storage, containers/common, containers/image ...
    Update nix pin with `make nixpkgs`
    Update to F34beta images + add hack/get_ci_vm.sh script
    Upgrade dsnet/compress to avoid vulnerable xz version
    Vendor in latest golang.org/x/crypto
    skopeo images: set authfile to /tmp/auth.json
    
    Source code(tar.gz)
    Source code(zip)
  • v1.2.2(Feb 18, 2021)

    • Bump golang.org/x/crypto to the latest
    • Bump vendor/modules.txt in release-1.2
    • Fix gating test in release-1.2 port
    • Bump c/common c/image and c/storage to latest
    • Bump to Skopeo v1.2.2
    Source code(tar.gz)
    Source code(zip)
  • v1.2.1(Jan 11, 2021)

    • Include OBS install steps for CentOS
    • Makefile: add a local-cross target
    • Add Subject Alternative Name to local openssl cert
    • Update nix pin with make nixpkgs
    • Make Makefile a little easier to use
    • Update README.md
    • Update install.md
    • install.md: mention Nix/NixOS
    • Fix skopeo login example in README
    • Use osusergo build tag for static build
    • Travis: bump go to 1.15.x
    • integration tests: disable ls for logs
    • Dockerfile: install openssl
    • Avoid overriding LDFLAGS in Makefile
    • Add multi-arch builds for upstream and stable skopeo image via Travis
    • Fix #858 Add support for digests in sync
    • Fix #858 Add --all sync flag to emulate copy --all
    • install: make commands copy-pasteable
    • Support namespaced logins for quay.io
    • Switch to using errors.Wrapf rather then fmt.Errorsf
    • Add --format option to skopeo inspect
    • Add information about multi-arch image to README
    • Fix naming and language
    • vendor in containers/storage v1.24.1 containers/image v5.8,1
    • Update installation docs for debian and ubuntu
    • Update OSX Travis env before running tests
    • Update to macOS 10.14
    • Update debian/ubuntu docs
    • Spelling
    • Fix creds sync from yaml
    • Fix reading the after-sync list of tags in SyncSuite.TestYamlUntagged
    • Update vendor of containers/common and containers/storage
    • Integration test: use fedora-minimal for most manifest list tests
    • Integration test: sync k8s.gcr.io/pause instead of docker.io/alpine
    • Split copyWithSignedIdentity from TestCopyVerifyingMirroredSignatures
    • Add a smoke test for signedIdentity:remapIdentity
    Source code(tar.gz)
    Source code(zip)
  • v1.2.0(Sep 25, 2020)

    -buildmode=pie is not supported for some arch
    A couple of minor code cleanups.
    Add --registry-token flags to support Bearer token authentication
    Add --registry-token tests to utils_tests.go
    Add an extra clarification to skopeo-copy(1)
    Add an extra clarification to skopeo-copy(1)
    Add oci-archive to transport list, and link to the authoritative man page
    Adding periods
    Build static binary with `buildGoModule`
    Bump github.com/containers/common from 0.14.0 to 0.22.0
    Bump github.com/containers/image/v5 from 5.5.1 to 5.6.0
    Bump github.com/containers/ocicrypt from 1.0.2 to 1.0.3
    Bump github.com/containers/storage from 1.21.1 to 1.23.5
    Cleanup Dockerfile builds
    Dockerfile.build: Upgrade to Ubuntu 20.04
    Fix macOS builds in Travis
    Fix make clean to actually remove binaries
    Fix problems found by codespell
    Fix skopeo-login docs typo
    Keep options order in code and add missing bash completions
    Make InspectOutput an external object
    Remove an obsolete documentation of (make binary-static)
    Retry on skopeo subcommands
    Retry skopeo inspect command
    Run htpasswd from our build-container instead of registry:2
    Switch containers/libpod->containers/podman
    Update nix pin with `make nixpkgs`
    Use an inter-registry copy as the example for (skopeo copy)
    Use c/common retry package
    fix build in docker container
    nix run -f channel:nixos-20.03
    update enc/dec docs to be consistent with buildah
    use base image golang for build
    vendor golang.org/x/[email protected]
    
    Source code(tar.gz)
    Source code(zip)
  • v1.1.1(Jul 29, 2020)

  • v1.1.0(Jun 18, 2020)

    Add Skopeo Stable Image Dockerfile for Quay
    Add tags to support regular expressions in yaml conf
    Add tags to support regular expressions without breaking the old ones in yaml conf
    Add upstream and testing container images
    Add upstream and testing container images
    Bump github.com/containers/storage from 1.20.1 to 1.20.2
    Bump github.com/stretchr/testify from 1.6.0 to 1.6.1
    Clarify control flow when handling the tags list
    Clarify imagesToCopy control flow
    Correct a typo in docs/skopeo-sync.1.md
    Don't use path.Join to form repository names
    Drop redundant fmt.Sprintf inside erorrs.Wrapf/Errorf
    Fix error handling on invalid regex
    Fix the recently added example in the man page.
    Inline isTagSpecified into its only caller
    Only create a SystemContext once per registry
    Remove the repoReference parameter of imagesToCopyFromRepo
    Share the logrus.WithFields settings over the loop bodies
    Use MatchString instead of Match with a manual conversion
    Use a reference.Named, not types.ImageReference, in imagesToCopyFromRepo
    Use a separate field for the "sync images with tag matching regex" feature
    Use reference.Tagged to extract the tag from a reference
    Work with a reference.Named, not strings, in imagesToCopyFromRegistry
    there is a brew formula for skopeo
    vendor github.com/containers/common v0.14.0
    vendor github.com/containers/image/[email protected]
    

    ~

    Source code(tar.gz)
    Source code(zip)
  • v1.0.0(May 18, 2020)

    Skopeo 1.0 release

    New features in this release
          skopeo login
          skopeo logout
    

    . Update skopeo readme and man page . Add links to configuration man pages . Update docs/skopeo-sync.1.md . Add skopeo Login from c/common . Add skopeo login&logout . Add Security Policy . Add tests for using signatures with mirrors . Update c/image for https://github.com/containers/image/pull/912 . fix copy doc . Use cobra in skopeo . Fix TestCopyAtomicExtension . Update containers/image to v5.4.4 . Bump github.com/containers/storage from 1.18.2 to 1.19.0 . v0.11.2 containers/common

    Source code(tar.gz)
    Source code(zip)
  • v0.2.0(Apr 9, 2020)

    Update on #834: force runc only when cgroupsv1
    Update docs/skopeo.1.md
    Add example with repository
    Skopeo should support for BigFilesTemporaryDir (SystemContext)
    Use fully-qualified image names
    Add Ubuntu/Debian install instructions
    CI: force Podman to use runc
    add support for REGISTRY_AUTH_FILE
    Partial image encryption support
    Remove the list_tags integration test since it does not cover much not already tested by the upstream container/images repo or local unit tests
    Updates based on code review to simplify logic and tests
    Fix inconsistency in manpage example for list-tags
    Fix formatting on test
    Adds "list-tags" command to list tags with no known tag required. Fixes #276
    
    Source code(tar.gz)
    Source code(zip)
  • v0.1.41(Feb 7, 2020)

    • Bump github.com/containers/image/v5 from 5.2.0 to 5.2.1
    • Bump gopkg.in/yaml.v2 from 2.2.7 to 2.2.8
    • Bump github.com/containers/common from 0.0.7 to 0.1.4
    • Remove the reference to openshift/api
    • vendor github.com/containers/image/[email protected]
    • Manually update buildah to v1.13.1
    • add specific authfile options to copy (and sync) command.
    • Bump github.com/containers/buildah from 1.11.6 to 1.12.0
    • Add context to --encryption-key / --decryption-key processing failures
    • Bump github.com/containers/storage from 1.15.2 to 1.15.3
    • Bump github.com/containers/buildah from 1.11.5 to 1.11.6
    • remove direct reference on c/image/storage
    • Makefile: set GOBIN
    • Bump gopkg.in/yaml.v2 from 2.2.2 to 2.2.7
    • Bump github.com/containers/storage from 1.15.1 to 1.15.2
    • Introduce the sync command
    • openshift cluster: remove .docker directory on teardown
    • Bump github.com/containers/storage from 1.14.0 to 1.15.1
    • document installation via apk on alpine
    • Fix typos in doc for image encryption
    • Image encryption/decryption support in skopeo
    • make vendor-in-container
    • Bump github.com/containers/buildah from 1.11.4 to 1.11.5
    • Travis: use go v1.13
    • Use a Windows Nano Server image instead of Server Core for multi-arch testing
    • Increase test timeout to 15 minutes
    • Run the test-system container without --net=host
    • Mount /run/systemd/journal/socket into test-system containers
    • Don't unnecessarily filter out vendor from (go list ./...) output
    • Use -mod=vendor in (go {list,test,vet})
    • Bump github.com/containers/buildah from 1.8.4 to 1.11.4
    • Bump github.com/urfave/cli from 1.20.0 to 1.22.1
    • skopeo: drop support for ostree
    • Don't critically fail on a 403 when listing tags
    • Revert "Temporarily work around auth.json location confusion"
    • Remove references to atomic
    • Remove references to storage.conf
    • Dockerfile: use golang-github-cpuguy83-go-md2man
    • bump version to v0.1.41-dev
    • systemtest: inspect container image different from current platform arch
    Source code(tar.gz)
    Source code(zip)
  • v0.1.40(Oct 29, 2019)

    • vendor containers/image v5.0.0
    • copy: add a --all/-a flag
    • System tests: various fixes
    • Temporarily work around auth.json location confusion
    • copy: add --dest-compress-format and --dest-compress-level
    • flag: add optionalIntValue
    • Makefile: use go proxy
    • inspect --raw: skip the NewImage() step
    • update OCI image-spec to 775207bd45b6cb8153ce218cc59351799217451f
    • inspect.go: inspect env variables
    • ostree: use both image and & storage buildtags
    Source code(tar.gz)
    Source code(zip)
  • v0.1.39(Aug 6, 2019)

  • v0.1.38(Aug 2, 2019)

    • vendor github.com/containers/[email protected]
    • enforce blocking of registries
    • Fix lowest possible go version to be 1.9
    • man pages: add --dest-oci-accept-uncompressed-layers
    • bash completion: add --dest-oci-accept-uncompressed-layers
    • README.md: skopeo on openSUSE
    • copy: add a CLI flag for OCIAcceptUncompressedLayers
    • migrate to go modules
    • README: Clarify use of libbtrfs-dev on Ubuntu
    Source code(tar.gz)
    Source code(zip)
  • v0.1.36(May 18, 2019)

    rootless: don't create a namespace unless for containers-storage
    Fix typo on the main man page
    inspect: add a --config flag
    Add --no-creds flag to skopeo inspect
    Vendor update container/storage
    Vendor update container/image    
    Vendor update container/buildah
    rootless: do not create a user namespace if not needed
    skopeo: create a userns when running rootless
    completions: Use only spaces in indent
    completions: Fix completions with a global option
    
    Source code(tar.gz)
    Source code(zip)
Owner
Containers
Open Repository for Container Tools
Containers
World-banks - Go Library for retrieving world banks.

World banks Go Library for retrieving world banks. Quick start To install: go get github.com/pepcep/world-banks Usage There are several ways of utili

Pepcep 2 Jan 11, 2022
Configmanager - Package used for retrieving application settings from various sources

Config Manager Package used for retrieving application settings from various sou

null 7 Nov 28, 2022
a Go (Golang) MusicBrainz WS2 client library - work in progress

gomusicbrainz a Go (Golang) MusicBrainz WS2 client library - a work in progress. Current state Currently GoMusicBrainz provides methods to perform sea

Michael Wendland 47 Sep 28, 2022
Library to work with MimeHeaders and another mime types. Library support wildcards and parameters.

Mime header Motivation This library created to help people to parse media type data, like headers, and store and match it. The main features of the li

Anton Ohorodnyk 25 Nov 9, 2022
golang script for bypass AV and work only in windows platform

antivirus bypass protection requirements golang installed usage 1 - create your payload go run create.go <ip> <port> <secret> <any url>

null 29 Nov 9, 2022
A simple package for executing work in parallel up to a limit.

concurrencylimiter A simple package for executing work concurrently - up to a limit. The intended usecase looks something like: func concurrentlyDo(ta

Edward Stell 0 Dec 19, 2021
Vocabular checker JetBrains Academy home work Read file with bad words

Vocabulary Checker JetBrains Academy home work Read file with bad words and replace them on * in the next entered text until exitVocabulary Checker JetBrains Academy home work Read file with bad words and replace them on * in the next entered text until exit

Andrey 0 Jan 14, 2022
Gorsair hacks its way into remote docker containers that expose their APIs

Gorsair Gorsair is a penetration testing tool for discovering and remotely accessing Docker APIs from vulnerable Docker containers. Once it has access

Brendan Le Glaunec 790 Dec 31, 2022
A server for TurboRepo Remote Cache to store cache artefacts in Google Cloud Storage or Amazon S3

Tapico Turborepo Remote Cache This is an implementation of Vercel's Turborepo Remote Cache API endpoints used by the turborepo CLI command. This solut

Tapico 105 Dec 13, 2022
AutoK3s GEO collects metrics about locates remote IP-address and exposes metrics to InfluxDB.

AutoK3s GEO AutoK3s GEO collects metrics about locates remote IP-address and exposes metrics to InfluxDB. Thanks to https://freegeoip.live/ which prov

Jason 0 Jun 16, 2022
State observer - StateObserver used to synchronize the local(cached) state of the remote object with the real state

state observer StateObserver used to synchronize the local(cached) state of the

Ilya 2 Jan 19, 2022
cross-platform, normalized battery information library

battery Cross-platform, normalized battery information library. Gives access to a system independent, typed battery state, capacity, charge and voltag

null 213 Dec 22, 2022
Stargather is fast GitHub repository stargazers information gathering tool

Stargather is fast GitHub repository stargazers information gathering tool that can scrapes: Organization, Location, Email, Twitter, Follow

dw1 56 Dec 12, 2022
Analyze the binary outputted by `go build` to get type information etc.

Analyze the binary outputted by go build to get type information etc.

Masaaki Goshima 16 Oct 5, 2022
Information Gathering Tool written in Golang

Information Gathering Tool written in Golang

Federico 0 Nov 1, 2021
Package buildinfo provides basic building blocks and instructions to easily add build and release information to your app.

Package buildinfo provides basic building blocks and instructions to easily add build and release information to your app. This is done by replacing variables in main during build with ldflags.

null 1 Nov 14, 2021
Lib to extract information of tag html meta

What is this? Is a lib to extract information to mount preview. For Example: When you insert a url on chat how WhatsApp is mounted an preview of websi

null 5 May 17, 2022
Implement a toy in-memory store information service for a delivery company

Implement a toy in-memory store information service for a delivery company

Ahmad Berahman 0 Nov 22, 2021
Find hidden information in JS files for golang

findsecret Find hidden information in JS files Installation Download findsecret.

null 2 Dec 26, 2021