mirror of
https://github.com/containers/skopeo.git
synced 2025-10-22 03:24:25 +00:00
c236b29c75
A plain sha256sum and the like is insufficient because we need to strip signatures from v2s1 manifests; so, add a subcommand. This can be used together with (skopeo inspect --raw) to download a manifest from a source untrusted to modify it under us; we download a manifest once using (skopeo inspect --raw), compute a digest using (skopeo manifest-digest), and then do all future operations using a digest reference.