Inspecting remote images using Skopeo

Do you remember when we talked about the need to pull an image before you can inspect it? This was covered in the Creating handy-dandy utility containers recipe. Well, what if I told you that we can leverage Skopeo to inspect images that are in remote repositories without needing to first pull them to our local machine? That is exactly what we’re going to do here.

In the Creating handy-dandy utility containers recipe, you were instructed to run the following:

podman pull docker.io/pandoc/core
podman image inspect pandoc/core | podman run -i –rm stedolan/jq -r ‘.[].Config.Entrypoint[]’

That’s because if you tried to run podman image inspect without first pulling the container to your local machine, you would see the following error:

Error: inspecting object: pandoc/core: image not knownSkopeo allows us to work directly with container images living in remote repositories. To illustrate how this works, let’s first get rid of our local pandoc/core container image:

podman image rm pandoc/core

Now that the image is removed from our local machine, let’s use Skopeo to inspect the image directly from its remote repository:

skopeo inspect –config docker://docker.io/pandoc/core:latest | podman run -i –rm stedolan/jq -r ‘.config.Entrypoint[]’

Pretty nifty, right? I did notice there were some minor changes to the JSON paths that affected how I needed to structure my jq command to properly extract the entry point I was looking for, but all in all, leveraging Skopeo to inspect remote images yields the same information that you would get if you first pulled it in with Podman. I can definitely see advantages to using Skopeo, especially when working with larger images and/or when needing to inspect images in an automated CICD pipeline.

Handling remote images with Skopeo

Skopeo can also be used to transfer container images from one remote container repository to another, without needing to pull/download it locally first. The syntax is similar to the standard Linux cp command. In cp, we use cp <source> <destination>, and with Skopeo we use skopeo copy <source> <destination>. As an example, if we want to copy the pandoc/core image from one registry to another, all we need to do is run this:

skopeo copy docker://docker.io/pandoc/core:latest docker://example.com/pandoc/core:latest

Likewise, we can also transfer it to our local Podman container storage through the use of the containers-storage prefix, for example:

skopeo copy docker://docker.io/pandoc/core:latest containers-storage:pandoc/core:latest

Additionally, if we wanted to specify some other location, we could simply use the dir prefix followed by the path. But in this case, be sure the path exists prior and omit any characters that are incompatible with the Linux filesystem, for example:

mkdir -p $(pwd)/pandoc/core
skopeo copy docker://docker.io/pandoc/core:latest dir:$(pwd)/pandoc/core

Lastly, Skopeo can also be used to delete images from remote repositories or from local container storage. To do this, simply run the following:
skopeo delete containers-storage:pandoc/core:latest