This commit introduces two new flags for the skopeo copy command to provide
more granular control over multi-architecture image copying:
--remove-list-signatures: Removes only the manifest list signature while
preserving per-instance signatures. This provides finer control than the
existing --remove-signatures flag which removes all signatures.
--strip-sparse-manifest-list: Strips missing instances from manifest lists
when copying only a subset of platforms (using --multi-arch with a platform
list). This is useful for registries that don't support sparse manifest lists.
The --strip-sparse-manifest-list flag requires explicit signature removal
using either --remove-signatures or --remove-list-signatures, as stripping
instances invalidates the manifest list signature.
These flags address scenarios where users need to copy multi-architecture
images to registries with different signature requirements or those that
don't support sparse manifest lists, while still maintaining control over
which signatures are preserved.
Documentation has been updated with usage examples, and integration tests
have been added to verify the new functionality.
Signed-off-by: Alex Guidi <aguidi@redhat.com>
This was originally a part of a --sign-by paragraph. I don't think
we _really_ need it, the "add a signature" wording should be clear
enough. If we did move it back to --sign-by, we should add it
to all the --sign-... options; it's simpler to just drop it.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Extends the --multi-arch flag to accept platform specifications,
allowing users to copy specific platforms from multi-architecture
images without requiring digest hashes.
Users can now specify platforms using OS/Architecture pairs:
skopeo copy --multi-arch=linux/amd64,linux/arm64 docker://src docker://dst
This feature:
- Parses comma-separated platform specifications (e.g., linux/amd64,linux/arm64)
- Copies ALL instances matching each specified platform (including all
compression variants and other variations)
- Works alongside existing --multi-arch options (system, all, index-only)
- Leverages the InstancePlatforms field added in containers/image
The implementation follows the design from containers/image#1938 and
containers/container-libs#656, providing a more user-friendly alternative
to specifying digest hashes via the Instances field.
Signed-off-by: Alex Guidi <aguidi@redhat.com>
In bootc, we want the ability to assert that signature verification is
enforced.
Add a new top-level `--require-signed` switch. When passed, we use the
new `RequireSignatureVerification()` method to ensure that signature
verification is enforced.
Part of https://github.com/containers/skopeo/issues/1829.
Signed-off-by: Jonathan Lebon <jonathan@jlebon.com>
I want this for https://github.com/bootc-dev/bootc/issues/1686
so we can distinguish pulls there.
But more generally it's can be a good idea for people writing
scripts using skopeo to set custom user agents so that registries
can more easily trace which actors are performing tasks.
Assisted-by: Claude Code
Signed-off-by: Colin Walters <walters@verbum.org>
- Don't claim that Windows uses XDG_RUNTIME_DIR, defer to the authoritative
man page.
- Consistently document the (regrettable?) REGISTRY_AUTH_FILE environment
variable.
- Consistently refer to "registry credentials file", not "authentication file".
- (Also deemphasizes (docker login), I'm not sure we want that.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
- Add option to set a fixed delay between retries.
- Clarify that if delay is unset, skopeo uses an exponential delay for
retries.
Fixes#2476
Signed-off-by: Adam Kaplan <adam.kaplan@redhat.com>
* Digest file output would have docker reference of source
and sha of of the mainfest sync'd with the target. This
file would not be created if dry-run flag is enabled
* improved the sync document to include the correct output for manifest file.
* added new line for the manifest file once all images are sync'd
* Ensuring we log on manifest digest if the copy operation was successful.
* Check for errors if any once sync process is complete.
* Ensure to capture the failure when closing the manifest file.
* Ensure we are not writing manifest sha for failed copy of imagesand aborting the process in case write to file fails
Signed-off-by: Ankit Agarwal <aagarwal@cloudsmith.io>
Correct the summary for standalone-sign. The old summary appears to be a
bad copy-and-paste from "skopeo copy".
Clarify that both of these tools are debugging tools, only operating on
local files.
Signed-off-by: Ken Dreyer <kdreyer@ibm.com>
This commit makes skopeo return a different exit code when an
input is not found. The use case is `osbuild` which uses skopeo
to inspect images and it would be nice to differenciate between
an image that is not found and general skopeo errors (or errors
like network issues etc).
I picked exit code `2` for `not found` because it is also the value
of `ENOENT`.
Man page and a test are added.
Signed-off-by: Michael Vogt <mvogt@redhat.com>
Add the ability to use an on-disk trust store to verify signatures. Also allow the user to trust any known fingerprint instead of having to specify one.
Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
- Add a prompt to the skopeo commands.
- Add a "console" identifier to fenced code
blocks which has a prompt, not "sh".
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
(skopeo copy) and (skopeo sync) now support --sign-by-sigstore=param-file,
using the containers-sigstore-signing-params.yaml(5) file format.
That notably adds support for Fulcio and Rekor signing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Patch created by re-running the two example commands and manually
abbreviating long lists in the output.
Fixes#1766.
Signed-off-by: Fabian P. Schmidt <kerel@mailbox.org>
If a passphrase is not provided, prompt for one.
Outstanding:
- Should have integration tests.
- The signing options shared between copy and sync should live in utils.go.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>