If a passphrase is not provided, prompt for one.
Outstanding:
- Should have integration tests.
- The signing options shared between copy and sync should live in utils.go.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This enables pushing to registries where the push and pull uris may be
different, for example where pushed images are mirrored to a read only
replica for distribution.
Closes#1588
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
Actually add a DESCRIPTION heading.
Warn about deleting by digest - it affects an unknown set of tags.
Warn about deleting by tag - it currently works by the resolved digest.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The Go behavior of boolean flags is as follows:
Accepted values are --flag, which is the same as --flag=true, and --flag=false,
which is the default (except for OptionalBoolFlag).
--flag {false,true} is parsed as --flag=true with a non-option {false,true} argument.
So, for almost all flags, document them just as --flag, not
mentioning the [={false,true}] part, because users can just
omit =true, or the whole flag instead of =false.
OTOH, for tls-verify, document only the tls-verify={true,false}
variant, because the primary use is tls-verify=false, and because
tls-verify is not "the default", but equivalent to an explicit
tls-verify=true (overriding registries.conf).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
To support signing images without prompting the user, add CLI flags for
providing a passphrase file.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The new --multi-arch option allows the user to select between copying the
image associated with the system platform, all images in the index, or
just the index itself without attempting to copy the images.
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
This ensures layers are not uploaded that already exist on the
destination registry, in exchange for streaming layers to temporary
files when digests are unknown (ex. compressing "on the fly").
Signed-off-by: Paul Fisher <pfisher@lyft.com>
By default skopeo checks to see if the user actually uses one of the
--*tls-verify flags. Their initial value is ignored. Setting the
initial value to false causes Cobra to not display the default value on
the screen when the user runs a `skopeo --help` command.
If the user does not specify a --*tls-verify option, it falls back to
using the value specified in the registries.conf file.
Fixes: https://github.com/containers/skopeo/issues/1383
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Differentiate, again, between (skopeo --tls-verify subcommand)
and (skope subcommand --tls-verify), by
- using a "local" Corba flag for the (skopeo --tls-verify ...) variant
- adding separate --tls-verify flags to subcommands that only accept
them as legacy, available through deprecatedTLSVerifyFlags
(unlike the non-legacy path of dockerImageFlags());
- using TraverseChildren: true; this causes the global and
per-subcommand flags to be treated separately by Corba,
i.e. they no longer happen to share the "Hidden" flag
and Corba actually sets the right flag variable now.
So, we can now warn on (skopeo --tls-verify command) again,
and --help lists the flag correctly (it is hidden at the
global level, and in subcommands like copy that deprecated it,
but visible in subcommands like inspect where it's not deprecated).
NOTE: This removes --tls-verify from (skopeo manifest-digest) and
the three signing commands; it never made sense there. This change
could, in principle, break some users.
Also update man pages to match.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This is the script that runs 'skopeo COMMAND --help' and
cross-checks that all the option flags are documented
in man pages, and vice-versa (all options listed in man
pages appear in COMMAND's --help message).
Copied from podman, with changes for skopeo-land (removing
the rst checks, and conforming to skopeo conventions).
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add new script, hack/man-page-checker, copied from podman. Run it
in 'make validate-local' target.
This is NOT the checker requested in #1332 (verify that flags
listed in 'skopeo foo --help' are documented in man pages and
vice-versa). This is a much simpler script that merely looks
for very basic typos or discrepancies between skopeo.1.md
and skopeo-foo.1.md.
The next part (cross-checking flags) is in progress but will
require a huge number of changes to the man pages. I'm submitting
this now because it's easy to review.
Signed-off-by: Ed Santiago <santiago@redhat.com>
`podman push` gained this a while ago, and we want it here for the
same reason.
Motivated by closing a race condition in ostree-rs-ext:
17a991050c/lib/src/container/export.rs (L85)
Co-authored-by: Miloslav Trmač <mitr@redhat.com>
This replicates the --all copy flag to sync to perform the same
behavior. Namely, the default is CopySystemImage unless --all is passed
which changes the behavior to CopyAllImages. While it is probably
desirable for --all to be the default as there is no option to override
ones architecture with the sync command, --all can potentially break
existing sync incantations depending on registry support. Hence
CopySystemImage remains the default.
Signed-off-by: Andrew DeMaria <ademaria@cloudflare.com>
because that's what users are looking for, and instead of using
a containers-storage: source, which might not even work all that
well with all the automatic defaults Podman sets up.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
