- Add option to set a fixed delay between retries.
- Clarify that if delay is unset, skopeo uses an exponential delay for
retries.
Fixes#2476
Signed-off-by: Adam Kaplan <adam.kaplan@redhat.com>
* Digest file output would have docker reference of source
and sha of of the mainfest sync'd with the target. This
file would not be created if dry-run flag is enabled
* improved the sync document to include the correct output for manifest file.
* added new line for the manifest file once all images are sync'd
* Ensuring we log on manifest digest if the copy operation was successful.
* Check for errors if any once sync process is complete.
* Ensure to capture the failure when closing the manifest file.
* Ensure we are not writing manifest sha for failed copy of imagesand aborting the process in case write to file fails
Signed-off-by: Ankit Agarwal <aagarwal@cloudsmith.io>
Correct the summary for standalone-sign. The old summary appears to be a
bad copy-and-paste from "skopeo copy".
Clarify that both of these tools are debugging tools, only operating on
local files.
Signed-off-by: Ken Dreyer <kdreyer@ibm.com>
This commit makes skopeo return a different exit code when an
input is not found. The use case is `osbuild` which uses skopeo
to inspect images and it would be nice to differenciate between
an image that is not found and general skopeo errors (or errors
like network issues etc).
I picked exit code `2` for `not found` because it is also the value
of `ENOENT`.
Man page and a test are added.
Signed-off-by: Michael Vogt <mvogt@redhat.com>
Add the ability to use an on-disk trust store to verify signatures. Also allow the user to trust any known fingerprint instead of having to specify one.
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
- Add a prompt to the skopeo commands.
- Add a "console" identifier to fenced code
blocks which has a prompt, not "sh".
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
(skopeo copy) and (skopeo sync) now support --sign-by-sigstore=param-file,
using the containers-sigstore-signing-params.yaml(5) file format.
That notably adds support for Fulcio and Rekor signing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Patch created by re-running the two example commands and manually
abbreviating long lists in the output.
Fixes#1766.
Signed-off-by: Fabian P. Schmidt <kerel@mailbox.org>
If a passphrase is not provided, prompt for one.
Outstanding:
- Should have integration tests.
- The signing options shared between copy and sync should live in utils.go.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This enables pushing to registries where the push and pull uris may be
different, for example where pushed images are mirrored to a read only
replica for distribution.
Closes#1588
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
Actually add a DESCRIPTION heading.
Warn about deleting by digest - it affects an unknown set of tags.
Warn about deleting by tag - it currently works by the resolved digest.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The Go behavior of boolean flags is as follows:
Accepted values are --flag, which is the same as --flag=true, and --flag=false,
which is the default (except for OptionalBoolFlag).
--flag {false,true} is parsed as --flag=true with a non-option {false,true} argument.
So, for almost all flags, document them just as --flag, not
mentioning the [={false,true}] part, because users can just
omit =true, or the whole flag instead of =false.
OTOH, for tls-verify, document only the tls-verify={true,false}
variant, because the primary use is tls-verify=false, and because
tls-verify is not "the default", but equivalent to an explicit
tls-verify=true (overriding registries.conf).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
To support signing images without prompting the user, add CLI flags for
providing a passphrase file.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The new --multi-arch option allows the user to select between copying the
image associated with the system platform, all images in the index, or
just the index itself without attempting to copy the images.
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
This ensures layers are not uploaded that already exist on the
destination registry, in exchange for streaming layers to temporary
files when digests are unknown (ex. compressing "on the fly").
Signed-off-by: Paul Fisher <pfisher@lyft.com>
