Please see the containers/image_build repo. README.md for build details.
Although not required, it is suggested that Podman be used with these container images.
# Get Help on Skopeo
podman run docker://quay.io/skopeo/stable:latest --help
# Get help on the Skopeo Copy command
podman run docker://quay.io/skopeo/stable:latest copy --help
# Copy the Skopeo container image from quay.io to
# a private registry
podman run docker://quay.io/skopeo/stable:latest copy docker://quay.io/skopeo/stable docker://registry.internal.company.com/skopeo
# Inspect the fedora:latest image
podman run docker://quay.io/skopeo/stable:latest inspect --config docker://registry.fedoraproject.org/fedora:latest | jq
-
Assuming one isn't already defined, setup a Podman secret with the
auth.json
contents. Alternatively, see thecontainers-auth.json
man page for the file format. Regardless of how the file is created, using it as a Podman secret provides more protections than a simple bind-mount.$ auth_tmp=$(mktemp) $ echo '{}' > $auth_tmp # JSON formating is required $ podman login --authfile=$auth_tmp example.com/registry $ podman secret create registry_name-auth $auth_tmp $ rm $auth_tmp
-
Pass the Podman secret into the Skopeo container along with the intended Skopeo command. For example, to retrieve metadata for
example.com/registry/image_name:tag
run:$ podman run --secret=registry_name-auth \ docker://quay.io/skopeo/stable:latest \ inspect --authfile=/run/secrets/registry_name_auth \ docker://example.com/registry/image_name:tag
NOTE: The
--authfile
argument must appear after the sub-command (i.e.inspect
above)