Merge branch 'master' into feat-override-variant

2025-10-22 03:24:25 +00:00 · 2020-03-20 15:43:39 +01:00
parent c6a731bb2e 7fee7d5019
commit ed883c5230
446 changed files with 14336 additions and 6302 deletions
--- a/docs/skopeo-copy.1.md
+++ b/docs/skopeo-copy.1.md
@@ -28,6 +28,17 @@ the images in the list, and the list itself.
 Path of the authentication file. Default is ${XDG_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
 If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.

+Note: You can also override the default path of the authentication file by setting the REGISTRY\_AUTH\_FILE
+environment variable. `export REGISTRY_AUTH_FILE=path`
+
+**--src-authfile** _path_
+
+Path of the authentication file for the source registry. Uses path given by `--authfile`, if not provided.
+
+**--dest-authfile** _path_
+
+Path of the authentication file for the destination registry. Uses path given by `--authfile`, if not provided.
+
 **--format, -f** _manifest-type_ Manifest type (oci, v2s1, or v2s2) to use when saving image to directory using the 'dir:' transport (default is manifest type of source)

 **--quiet, -q** suppress output information when copying images
@@ -90,12 +101,12 @@ To copy and sign an image:

 To encrypt an image:
 ```sh
-skopeo copy docker://docker.io/library/nginx:latest oci:local_nginx:latest
+skopeo copy docker://docker.io/library/nginx:1.17.8 oci:local_nginx:1.17.8

 openssl genrsa -out private.key 1024
 openssl rsa -in private.key -pubout > public.key

-skopeo  copy --encryption-key jwe:./public.key oci:local_nginx:latest oci:try-encrypt:encrypted
+skopeo  copy --encryption-key jwe:./public.key oci:local_nginx:1.17.8 oci:try-encrypt:encrypted
 ```

 To decrypt an image:
@@ -112,6 +123,14 @@ To decrypt an image that requires more than one key:
 ```sh
 skopeo copy --decryption-key ./private1.key --decryption-key ./private2.key --decryption-key ./private3.key oci:try-encrypt:encrypted oci:try-decrypt:decrypted
 ```
+
+Container images can also be partially encrypted by specifying the index of the layer. Layers are 0-indexed indices, with support for negative indexing. i.e. 0 is the first layer, -1 is the last layer.
+
+Let's say out of 3 layers that the image `docker.io/library/nginx:1.17.8` is made up of, we only want to encrypt the 2nd layer,
+```sh
+skopeo  copy --encryption-key jwe:./public.key --encrypt-layer 1 oci:local_nginx:1.17.8 oci:try-encrypt:encrypted
+```
+
 ## SEE ALSO
 skopeo(1), podman-login(1), docker-login(1)

--- a/docs/skopeo-list-tags.1.md
+++ b/docs/skopeo-list-tags.1.md
@@ -0,0 +1,102 @@
+% skopeo-list-tags(1)
+
+## NAME
+skopeo\-list\-tags - Return a list of tags the transport-specific image repository
+
+## SYNOPSIS
+**skopeo list-tags** _repository-name_
+
+Return a list of tags from _repository-name_ in a registry.
+
+  _repository-name_ name of repository to retrieve tag listing from
+
+  **--authfile** _path_
+
+  Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
+  If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.
+
+  **--creds** _username[:password]_ for accessing the registry
+
+  **--cert-dir** _path_ Use certificates at _path_ (\*.crt, \*.cert, \*.key) to connect to the registry
+
+  **--tls-verify** _bool-value_ Require HTTPS and verify certificates when talking to container registries (defaults to true)
+
+  **--no-creds** _bool-value_ Access the registry anonymously.
+
+## REPOSITORY NAMES
+
+Repository names are transport-specific references as each transport may have its own concept of a "repository" and "tags". Currently, only the Docker transport is supported.
+
+This commands refers to repositories using a _transport_`:`_details_ format. The following formats are supported:
+
+  **docker://**_docker-repository-reference_
+  A repository in a registry implementing the "Docker Registry HTTP API V2". By default, uses the authorization state in either `$XDG_RUNTIME_DIR/containers/auth.json`, which is set using `(podman login)`. If the authorization state is not found there, `$HOME/.docker/config.json` is checked, which is set using `(docker login)`.
+  A _docker-repository-reference_ is of the form: **registryhost:port/repositoryname** which is similar to an _image-reference_ but with no tag or digest allowed as the last component (e.g no `:latest` or `@sha256:xyz`)
+      
+      Examples of valid docker-repository-references:
+        "docker.io/myuser/myrepo"
+        "docker.io/nginx"
+        "docker.io/library/fedora"
+        "localhost:5000/myrepository"
+        
+      Examples of invalid references:
+        "docker.io/nginx:latest"
+        "docker.io/myuser/myimage:v1.0"
+        "docker.io/myuser/myimage@sha256:f48c4cc192f4c3c6a069cb5cca6d0a9e34d6076ba7c214fd0cc3ca60e0af76bb"
+       
+
+## EXAMPLES
+
+### Docker Transport
+To get the list of tags in the "fedora" repository from the docker.io registry (the repository name expands to "library/fedora" per docker transport canonical form):
+```sh
+$ skopeo list-tags docker://docker.io/fedora
+{
+    "Repository": "docker.io/library/fedora",
+    "Tags": [
+        "20",
+        "21",
+        "22",
+        "23",
+        "24",
+        "25",
+        "26-modular",
+        "26",
+        "27",
+        "28",
+        "29",
+        "30",
+        "31",
+        "32",
+        "branched",
+        "heisenbug",
+        "latest",
+        "modular",
+        "rawhide"
+    ]
+}
+
+```
+
+To list the tags in a local host docker/distribution registry on port 5000, in this case for the "fedora" repository:
+
+```sh
+$ skopeo list-tags docker://localhost:5000/fedora
+{
+    "Repository": "localhost:5000/fedora",
+    "Tags": [
+        "latest",
+        "30",
+        "31"
+    ]
+}
+
+```
+
+# SEE ALSO
+skopeo(1), podman-login(1), docker-login(1)
+
+## AUTHORS
+
+Zach Hill <zach@anchore.com>
+
--- a/docs/skopeo-sync.1.md
+++ b/docs/skopeo-sync.1.md
@@ -37,6 +37,14 @@ name can be stored at _destination_.
 Path of the authentication file. Default is ${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
 If the authorization state is not found there, $HOME/.docker/config.json is checked, which is set using `docker login`.

+**--src-authfile** _path_
+
+Path of the authentication file for the source registry. Uses path given by `--authfile`, if not provided.
+
+**--dest-authfile** _path_
+
+Path of the authentication file for the destination registry. Uses path given by `--authfile`, if not provided.
+
 **--src** _transport_ Transport for the source repository.

 **--dest** _transport_ Destination transport.
--- a/docs/skopeo.1.md
+++ b/docs/skopeo.1.md
@@ -77,6 +77,7 @@ Most commands refer to container images, using a _transport_`:`_details_ format.
 | [skopeo-standalone-sign(1)](skopeo-standalone-sign.1.md)    | Sign an image.                                               |
 | [skopeo-standalone-verify(1)](skopeo-standalone-verify.1.md)| Verify an image.                                             |
 | [skopeo-sync(1)](skopeo-sync.1.md)| Copy images from one or more repositories to a user specified destination.             |
+| [skopeo-list-tags(1)](skopeo-list-tags.1.md)  | List the tags for the given transport/repository.                           |

 ## FILES
  **/etc/containers/policy.json**