[Feature request] Upload image untagged

[lf-]

Hi! I have a weird use case for skopeo, admittedly: I build container images with Nix which yields docker-archive files (technically I could produce oci images here, but docker seems to not know how to load those so I inevitably do have to produce docker-archive images somewhere). I then want to upload those to a registry untagged, while converting them to OCI so that I can then build a composite image of them using the OCI Index manifest.

As it currently stands, there is no way to skopeo copy an image when specifying a changed --format without tagging it! The reason for this is that you can't know what the hash of the resulting manifest will be before the copy is completed (and --digestfile is written), so there is a causality problem here.

This is what we are doing currently, but we really don't want to use these temp tags because they can confuse users and are an implementation detail:

skopeo --insecure-policy copy --format oci --digestfile @(digest_file) docker-archive:@(path) f'docker://{target.registry_path}:temp-{docker_os}-{docker_arch}'

The workaround we are about to put into place is to copy into an oci archive first, then call skopeo inspect to get the hash then upload that. But that reference type really doesn't make any sense, since you, as a user, would really consider the hash to be an output property, right?

If you don't specify a reference, it picks latest, which is also definitely not what we want here.

What I want: skopeo copy <...> docker://registry/image@untagged or so.

[mtrmac]

Thanks for reaching out.

Thanks to @umohnani8 , docker://registry/image@@unknown-digest@@ ( https://github.com/containers/image/blob/main/docs/containers-transports.5.md ) is supported since Skopeo 1.14.1.

Does that do what you need?

[lf-]

That looks very likely what I need, yes! I'll take a closer look.

[lf-]

Appears this works for our use case, awesome! Thanks for the pointers.