github.com/hanks177/podman/v4@v4.1.3-0.20220613032544-16d90015bc83/docs/source/markdown/podman-pull.1.md (about) 1 % podman-pull(1) 2 3 ## NAME 4 podman\-pull - Pull an image from a registry 5 6 ## SYNOPSIS 7 **podman pull** [*options*] *source* [*source*...] 8 9 **podman image pull** [*options*] *source* [*source*...] 10 11 **podman pull** [*options*] [*transport*]*name*[:*tag*|@*digest*] 12 13 **podman image pull** [*options*] [*transport*]*name*[:*tag*|@*digest*] 14 15 ## DESCRIPTION 16 podman pull copies an image from a registry onto the local machine. The command can pull one or more images. If the image reference in the command line argument does not contain a registry, it is referred to as a`short-name` reference. If the image is a 'short-name' reference, Podman will prompt the user for the specific container registry to pull the image from, if an alias for the short-name has not been specified in the `short-name-aliases.conf`. If an image tag is not specified, **podman pull** defaults to the image with the **latest** tag (if it exists) and pulls it. After the image is pulled, podman will print the full image ID. **podman pull** can also pull images using a digest **podman pull** *image*@*digest* and can also be used to pull images from archives and local storage using different transports. 17 *IMPORTANT: Images are stored in local image storage.* 18 19 ## SOURCE 20 SOURCE is the location from which the container image is pulled from. It supports all transports from **[containers-transports(5)](https://github.com/containers/image/blob/main/docs/containers-transports.5.md)**. If no transport is specified, the input is subject to short-name resolution and the `docker` (i.e., container registry) transport is used. For remote clients, including Mac and Windows (excluding WSL2) machines, `docker` is the only supported transport. 21 22 ``` 23 # Pull from a container registry 24 $ podman pull quay.io/username/myimage 25 26 # Pull from a container registry with short-name resolution 27 $ podman pull fedora 28 29 # Pull from a container registry via the docker transport 30 $ podman pull docker://quay.io/username/myimage 31 32 # Pull from a local directory 33 $ podman pull dir:/tmp/myimage 34 35 # Pull from a tarball in the docker-archive format 36 $ podman pull docker-archive:/tmp/myimage 37 38 # Pull from a local docker daemon 39 $ sudo podman pull docker-daemon:docker.io/library/myimage:33 40 41 # Pull from a tarball in the OCI-archive format 42 $ podman pull oci-archive:/tmp/myimage 43 ``` 44 45 ## OPTIONS 46 #### **--all-tags** 47 48 All tagged images in the repository will be pulled. 49 50 *IMPORTANT: When using the all-tags flag, Podman will not iterate over the search registries in the **[containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md)** but will always use docker.io for unqualified image names.* 51 52 #### **--arch**=*ARCH* 53 Override the architecture, defaults to hosts, of the image to be pulled. For example, `arm`. 54 55 #### **--authfile**=*path* 56 57 Path of the authentication file. If the authorization state is not found there, `$HOME/.docker/config.json` is checked, which is set using `docker login`. 58 59 Default is `${XDG\_RUNTIME\_DIR}/containers/auth.json`, which is set using `podman login`. 60 61 *IMPORTANT: The default path of the authentication file can be overwritten by setting the `REGISTRY\_AUTH\_FILE` environment variable. `export REGISTRY_AUTH_FILE=path`* 62 63 #### **--cert-dir**=*path* 64 65 Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry. (Default: /etc/containers/certs.d) 66 Please refer to **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)** for details. (This option is not available with the remote Podman client, including Mac and Windows (excluding WSL2) machines) 67 68 #### **--creds**=*[username[:password]]* 69 70 The [username[:password]] to use to authenticate with the registry if required. 71 If one or both values are not supplied, a command line prompt will appear and the 72 value can be entered. The password is entered without echo. 73 74 #### **--disable-content-trust** 75 76 This is a Docker specific option to disable image verification to a Docker 77 registry and is not supported by Podman. This flag is a NOOP and provided 78 solely for scripting compatibility. 79 80 #### **--help**, **-h** 81 82 Print the usage statement. 83 84 #### **--os**=*OS* 85 86 Override the OS, defaults to hosts, of the image to be pulled. For example, `windows`. 87 88 #### **--platform**=*OS/ARCH* 89 90 Specify the platform for selecting the image. The `--platform` option can be used to override the current architecture and operating system. 91 92 *IMPORTANT: Conflicts with --arch and --os* 93 94 #### **--quiet**, **-q** 95 96 Suppress output information when pulling images 97 98 #### **--tls-verify** 99 100 Require HTTPS and verify certificates when contacting registries (default: true). If explicitly set to true, 101 then TLS verification will be used. If set to false, then TLS verification will not be used. If not specified, 102 TLS verification will be used unless the target registry is listed as an insecure registry in registries.conf. 103 104 #### **--variant**=*VARIANT* 105 106 Use _VARIANT_ instead of the default architecture variant of the container image. Some images can use multiple variants of the arm architectures, such as arm/v5 and arm/v7. 107 108 ## FILES 109 110 **short-name-aliases.conf** (`/var/cache/containers/short-name-aliases.conf`, `$HOME/.cache/containers/short-name-aliases.conf`) 111 112 When users specify images that do not include the container registry where the 113 image is stored, this is called a short name. The use of unqualified-search registries entails an ambiguity as it is unclear from which registry a given image, referenced by a short name, may be pulled from. 114 115 Using short names is subject to the risk of hitting squatted registry namespaces. If the unqualified-search registries are set to ["public-registry.com", "my-private-registry.com"] an attacker may take over a namespace of `public-registry.com` such that an image may be pulled from `public-registry.com` instead of the intended source `my-private-registry.com`. 116 117 While it is highly recommended to always use fully-qualified image references, existing deployments using short names may not be easily changed. To circumvent the aforementioned ambiguity, so called short-name aliases can be configured that point to a fully-qualified image reference. Distributions often ship a default shortnames.conf expansion file in /etc/containers/registries.conf.d/ directory. Administrators can use this directory to add their own local short-name expansion files. 118 119 When pulling an image, if the user does not specify the complete registry, container engines attempt to expand the short-name into a full name. If the command is executed with a tty, the user will be prompted to select a registry from the 120 default list unqualified registries defined in registries.conf. The user's selection is then stored in a cache file to be used in all future short-name expansions. Rootful short-names are stored in /var/cache/containers/short-name-aliases.conf. Rootless short-names are stored in the $HOME/.cache/containers/short-name-aliases.conf file. 121 122 For more information on short-names, see `containers-registries.conf(5)` 123 124 **registries.conf** (`/etc/containers/registries.conf`) 125 126 registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. 127 128 NOTE: Use the environment variable `TMPDIR` to change the temporary storage location of downloaded container images. Podman defaults to use `/var/tmp`. 129 130 131 ## EXAMPLES 132 Pull a single image with short name resolution. 133 ``` 134 $ podman pull alpine:latest 135 Resolved "alpine" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf) 136 Trying to pull docker.io/library/alpine:latest... 137 Getting image source signatures 138 Copying blob 5843afab3874 done 139 Copying config d4ff818577 done 140 Writing manifest to image destination 141 Storing signatures 142 d4ff818577bc193b309b355b02ebc9220427090057b54a59e73b79bdfe139b83 143 ``` 144 145 Pull multiple images with/without short name resolution. 146 ``` 147 podman pull busybox:musl alpine quay.io/libpod/cirros 148 Trying to pull docker.io/library/busybox:musl... 149 Getting image source signatures 150 Copying blob 0c52b060233b [--------------------------------------] 0.0b / 0.0b 151 Copying config 9ad2c435a8 done 152 Writing manifest to image destination 153 Storing signatures 154 9ad2c435a887e3f723654e09b48563de44aa3c7950246b2e9305ec85dd3422db 155 Trying to pull docker.io/library/alpine:latest... 156 Getting image source signatures 157 Copying blob 5843afab3874 [--------------------------------------] 0.0b / 0.0b 158 Copying config d4ff818577 done 159 Writing manifest to image destination 160 Storing signatures 161 d4ff818577bc193b309b355b02ebc9220427090057b54a59e73b79bdfe139b83 162 Trying to pull quay.io/libpod/cirros:latest... 163 Getting image source signatures 164 Copying blob 8da581cc9286 done 165 Copying blob 856628d95d17 done 166 Copying blob f513001ba4ab done 167 Copying config 3c82e4d066 done 168 Writing manifest to image destination 169 Storing signatures 170 3c82e4d066cf6f9e50efaead6e3ff7fddddf5527826afd68e5a969579fc4db4a 171 ``` 172 173 Pull an image using its digest. 174 ``` 175 $ podman pull alpine@sha256:d7342993700f8cd7aba8496c2d0e57be0666e80b4c441925fc6f9361fa81d10e 176 Trying to pull docker.io/library/alpine@sha256:d7342993700f8cd7aba8496c2d0e57be0666e80b4c441925fc6f9361fa81d10e... 177 Getting image source signatures 178 Copying blob 188c0c94c7c5 done 179 Copying config d6e46aa247 done 180 Writing manifest to image destination 181 Storing signatures 182 d6e46aa2470df1d32034c6707c8041158b652f38d2a9ae3d7ad7e7532d22ebe0 183 ``` 184 185 Pull an image by specifying an authentication file. 186 ``` 187 $ podman pull --authfile temp-auths/myauths.json docker://docker.io/umohnani/finaltest 188 Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures 189 Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913 190 1.90 MB / 1.90 MB [========================================================] 0s 191 Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156 192 1.41 KB / 1.41 KB [========================================================] 0s 193 Writing manifest to image destination 194 Storing signatures 195 03290064078cb797f3e0a530e78c20c13dd22a3dd3adf84a5da2127b48df0438 196 ``` 197 198 Pull an image by authenticating to a registry. 199 ``` 200 $ podman pull --creds testuser:testpassword docker.io/umohnani/finaltest 201 Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures 202 Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913 203 1.90 MB / 1.90 MB [========================================================] 0s 204 Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156 205 1.41 KB / 1.41 KB [========================================================] 0s 206 Writing manifest to image destination 207 Storing signatures 208 03290064078cb797f3e0a530e78c20c13dd22a3dd3adf84a5da2127b48df0438 209 ``` 210 211 Pull an image using tls verification. 212 ``` 213 $ podman pull --tls-verify=false --cert-dir image/certs docker.io/umohnani/finaltest 214 Trying to pull docker.io/umohnani/finaltest:latest...Getting image source signatures 215 Copying blob sha256:6d987f6f42797d81a318c40d442369ba3dc124883a0964d40b0c8f4f7561d913 216 1.90 MB / 1.90 MB [========================================================] 0s 217 Copying config sha256:ad4686094d8f0186ec8249fc4917b71faa2c1030d7b5a025c29f26e19d95c156 218 1.41 KB / 1.41 KB [========================================================] 0s 219 Writing manifest to image destination 220 Storing signatures 221 03290064078cb797f3e0a530e78c20c13dd22a3dd3adf84a5da2127b48df0438 222 ``` 223 224 Pull an image by overriding the host architecture. 225 ``` 226 $ podman pull --arch=arm arm32v7/debian:stretch 227 Trying to pull docker.io/arm32v7/debian:stretch... 228 Getting image source signatures 229 Copying blob b531ae4a3925 done 230 Copying config 3cba58dad5 done 231 Writing manifest to image destination 232 Storing signatures 233 3cba58dad5d9b35e755b48b634acb3fdd185ab1c996ac11510cc72c17780e13c 234 ``` 235 236 ## SEE ALSO 237 **[podman(1)](podman.1.md)**, **[podman-push(1)](podman-push.1.md)**, **[podman-login(1)](podman-login.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)**, **[containers-registries.conf(5)](https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md)**, **[containers-transports(5)](https://github.com/containers/image/blob/main/docs/containers-transports.5.md)** 238 239 ## HISTORY 240 July 2017, Originally compiled by Urvashi Mohnani <umohnani@redhat.com>