aboutsummaryrefslogtreecommitdiff
path: root/docs/source/markdown/podman-build.1.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/source/markdown/podman-build.1.md')
-rw-r--r--docs/source/markdown/podman-build.1.md166
1 files changed, 83 insertions, 83 deletions
diff --git a/docs/source/markdown/podman-build.1.md b/docs/source/markdown/podman-build.1.md
index 8fcfe555e..1bb3c2c3a 100644
--- a/docs/source/markdown/podman-build.1.md
+++ b/docs/source/markdown/podman-build.1.md
@@ -45,14 +45,14 @@ command to see these containers. External containers can be removed with the
## OPTIONS
-#### **--add-host**=*host*
+#### **\-\-add-host**=*host*
Add a custom host-to-IP mapping (host:ip)
-Add a line to /etc/hosts. The format is hostname:ip. The **--add-host** option
+Add a line to /etc/hosts. The format is hostname:ip. The **\-\-add-host** option
can be set multiple times.
-#### **--annotation**=*annotation*
+#### **\-\-annotation**=*annotation*
Add an image *annotation* (e.g. annotation=*value*) to the image metadata. Can
be used multiple times.
@@ -60,12 +60,12 @@ be used multiple times.
Note: this information is not present in Docker image formats, so it is
discarded when writing images in Docker formats.
-#### **--arch**=*arch*
+#### **\-\-arch**=*arch*
Set the ARCH of the image to the provided value instead of the architecture of
the host.
-#### **--authfile**=*path*
+#### **\-\-authfile**=*path*
Path of the authentication file. Default is
${XDG\_RUNTIME\_DIR}/containers/auth.json, which is set using `podman login`.
@@ -76,26 +76,26 @@ Note: You can also override the default path of the authentication file by
setting the REGISTRY\_AUTH\_FILE environment variable.
`export REGISTRY_AUTH_FILE=path`
-#### **--build-arg**=*arg=value*
+#### **\-\-build-arg**=*arg=value*
Specifies a build argument and its value, which will be interpolated in
instructions read from the Containerfiles in the same way that environment
variables are, but which will not be added to environment variable list in the
resulting image's configuration.
-#### **--cache-from**
+#### **\-\-cache-from**
Images to utilize as potential cache sources. Podman does not currently support
caching so this is a NOOP. (This option is not available with the remote Podman client)
-#### **--cap-add**=*CAP\_xxx*
+#### **\-\-cap-add**=*CAP\_xxx*
When executing RUN instructions, run the command specified in the instruction
with the specified capability added to its capability set.
Certain capabilities are granted by default; this option can be used to add
more.
-#### **--cap-drop**=*CAP\_xxx*
+#### **\-\-cap-drop**=*CAP\_xxx*
When executing RUN instructions, run the command specified in the instruction
with the specified capability removed from its capability set.
@@ -104,40 +104,40 @@ CAP\_FSETID, CAP\_KILL, CAP\_MKNOD, CAP\_NET\_BIND\_SERVICE, CAP\_SETFCAP,
CAP\_SETGID, CAP\_SETPCAP, CAP\_SETUID, and CAP\_SYS\_CHROOT capabilities are
granted by default; this option can be used to remove them.
-If a capability is specified to both the **--cap-add** and **--cap-drop**
+If a capability is specified to both the **\-\-cap-add** and **\-\-cap-drop**
options, it will be dropped, regardless of the order in which the options were
given.
-#### **--cert-dir**=*path*
+#### **\-\-cert-dir**=*path*
Use certificates at *path* (\*.crt, \*.cert, \*.key) to connect to the registry.
Default certificates directory is _/etc/containers/certs.d_. (This option is not available with the remote Podman client)
-#### **--cgroup-parent**=*path*
+#### **\-\-cgroup-parent**=*path*
Path to cgroups under which the cgroup for the container will be created. If the
path is not absolute, the path is considered to be relative to the cgroups path
of the init process. Cgroups will be created if they do not already exist.
-#### **--compress**
+#### **\-\-compress**
This option is added to be aligned with other containers CLIs.
Podman doesn't communicate with a daemon or a remote server.
Thus, compressing the data before sending it is irrelevant to Podman. (This option is not available with the remote Podman client)
-#### **--cni-config-dir**=*directory*
+#### **\-\-cni-config-dir**=*directory*
Location of CNI configuration files which will dictate which plugins will be
used to configure network interfaces and routing for containers created for
handling `RUN` instructions, if those containers will be run in their own
network namespaces, and networking is not disabled.
-#### **--cni-plugin-path**=*directory[:directory[:directory[...]]]*
+#### **\-\-cni-plugin-path**=*directory[:directory[:directory[...]]]*
List of directories in which the CNI plugins which will be used for configuring
network namespaces can be found.
-#### **--cpu-period**=*limit*
+#### **\-\-cpu-period**=*limit*
Set the CPU period for the Completely Fair Scheduler (CFS), which is a
duration in microseconds. Once the container's CPU quota is used up, it will
@@ -148,20 +148,20 @@ On some systems, changing the CPU limits may not be allowed for non-root
users. For more details, see
https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-#### **--cpu-quota**=*limit*
+#### **\-\-cpu-quota**=*limit*
Limit the CPU Completely Fair Scheduler (CFS) quota.
Limit the container's CPU usage. By default, containers run with the full
CPU resource. The limit is a number in microseconds. If you provide a number,
the container will be allowed to use that much CPU time until the CPU period
-ends (controllable via **--cpu-period**).
+ends (controllable via **\-\-cpu-period**).
On some systems, changing the CPU limits may not be allowed for non-root
users. For more details, see
https://github.com/containers/podman/blob/master/troubleshooting.md#26-running-containers-with-cpu-limits-fails-with-a-permissions-error
-#### **--cpu-shares**, **-c**=*shares*
+#### **\-\-cpu-shares**, **-c**=*shares*
CPU shares (relative weight)
@@ -169,7 +169,7 @@ By default, all containers get the same proportion of CPU cycles. This
proportion can be modified by changing the container's CPU share weighting
relative to the weighting of all other running containers.
-To modify the proportion from the default of 1024, use the **--cpu-shares**
+To modify the proportion from the default of 1024, use the **\-\-cpu-shares**
flag to set the weighting to 2 or higher.
The proportion will only apply when CPU-intensive processes are running.
@@ -199,11 +199,11 @@ division of CPU shares:
101 {C1} 1 100% of CPU1
102 {C1} 2 100% of CPU2
-#### **--cpuset-cpus**=*num*
+#### **\-\-cpuset-cpus**=*num*
CPUs in which to allow execution (0-3, 0,1)
-#### **--cpuset-mems**=*nodes*
+#### **\-\-cpuset-mems**=*nodes*
Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on
NUMA systems.
@@ -212,26 +212,26 @@ If you have four memory nodes on your system (0-3), use `--cpuset-mems=0,1`
then processes in your container will only use memory from the first
two memory nodes.
-#### **--creds**=*creds*
+#### **\-\-creds**=*creds*
The [username[:password]] to use to authenticate with the registry if required.
If one or both values are not supplied, a command line prompt will appear and
the value can be entered. The password is entered without echo.
-#### **--decryption-key**=*key[:passphrase]*
+#### **\-\-decryption-key**=*key[:passphrase]*
The [key[:passphrase]] to be used for decryption of images. Key can point to
keys and/or certificates. Decryption will be tried with all keys. If the key is
protected by a passphrase, it is required to be passed in the argument and
omitted otherwise.
-#### **--device**=_host-device_[**:**_container-device_][**:**_permissions_]
+#### **\-\-device**=_host-device_[**:**_container-device_][**:**_permissions_]
Add a host device to the container. Optional *permissions* parameter
can be used to specify device permissions, it is combination of
**r** for read, **w** for write, and **m** for **mknod**(2).
-Example: **--device=/dev/sdc:/dev/xvdc:rwm**.
+Example: **\-\-device=/dev/sdc:/dev/xvdc:rwm**.
Note: if _host_device_ is a symbolic link then it will be resolved first.
The container will only store the major and minor numbers of the host device.
@@ -239,24 +239,24 @@ The container will only store the major and minor numbers of the host device.
Note: if the user only has access rights via a group, accessing the device
from inside a rootless container will fail. The **crun**(1) runtime offers a
workaround for this by adding the option
-#### **--annotation run.oci.keep_original_groups=1**.
+#### **\-\-annotation run.oci.keep_original_groups=1**.
-#### **--disable-compression**, **-D**
+#### **\-\-disable-compression**, **-D**
Don't compress filesystem layers when building the image unless it is required
by the location where the image is being written. This is the default setting,
because image layers are compressed automatically when they are pushed to
registries, and images being written to local storage would only need to be
decompressed again to be stored. Compression can be forced in all cases by
-specifying **--disable-compression=false**.
+specifying **\-\-disable-compression=false**.
-#### **--disable-content-trust**
+#### **\-\-disable-content-trust**
This is a Docker specific option to disable image verification to a Docker
registry and is not supported by Podman. This flag is a NOOP and provided
solely for scripting compatibility. (This option is not available with the remote Podman client)
-#### **--dns**=*dns*
+#### **\-\-dns**=*dns*
Set custom DNS servers to be used during the build.
@@ -269,15 +269,15 @@ The special value **none** can be specified to disable creation of
/etc/resolv.conf in the container by Podman. The /etc/resolv.conf file in the
image will be used without changes.
-#### **--dns-option**=*option*
+#### **\-\-dns-option**=*option*
Set custom DNS options to be used during the build.
-#### **--dns-search**=*domain*
+#### **\-\-dns-search**=*domain*
Set custom DNS search domains to be used during the build.
-#### **--file**, **-f**=*Containerfile*
+#### **\-\-file**, **-f**=*Containerfile*
Specifies a Containerfile which contains instructions for building the image,
either a local file or an **http** or **https** URL. If more than one
@@ -290,12 +290,12 @@ context.
If you specify `-f -`, the Containerfile contents will be read from stdin.
-#### **--force-rm**=*true|false*
+#### **\-\-force-rm**=*true|false*
Always remove intermediate containers after a build, even if the build fails
(default true).
-#### **--format**
+#### **\-\-format**
Control the format for the built image's manifest and configuration data.
Recognized formats include *oci* (OCI image-spec v1.0, the default) and
@@ -304,28 +304,28 @@ Recognized formats include *oci* (OCI image-spec v1.0, the default) and
Note: You can also override the default format by setting the BUILDAH\_FORMAT
environment variable. `export BUILDAH_FORMAT=docker`
-#### **--from**
+#### **\-\-from**
Overrides the first `FROM` instruction within the Containerfile. If there are multiple
FROM instructions in a Containerfile, only the first is changed.
-**-h**, **--help**
+**-h**, **\-\-help**
Print usage statement
-#### **--http-proxy**
+#### **\-\-http-proxy**
Pass through HTTP Proxy environment variables.
-#### **--iidfile**=*ImageIDfile*
+#### **\-\-iidfile**=*ImageIDfile*
Write the image ID to the file.
-#### **--ignorefile**
+#### **\-\-ignorefile**
Path to an alternative .dockerignore file.
-#### **--ipc**=*how*
+#### **\-\-ipc**=*how*
Sets the configuration for IPC namespaces when handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
@@ -334,7 +334,7 @@ that the IPC namespace in which `podman` itself is being run should be reused,
or it can be the path to an IPC namespace which is already in use by
another process.
-#### **--isolation**=*type*
+#### **\-\-isolation**=*type*
Controls what type of isolation is used for running processes as part of `RUN`
instructions. Recognized types include *oci* (OCI-compatible runtime, the
@@ -348,13 +348,13 @@ chroot(1) than container technology).
Note: You can also override the default isolation type by setting the
BUILDAH\_ISOLATION environment variable. `export BUILDAH_ISOLATION=oci`
-#### **--jobs**=*number*
+#### **\-\-jobs**=*number*
Run up to N concurrent stages in parallel. If the number of jobs is greater
than 1, stdin will be read from /dev/null. If 0 is specified, then there is
no limit in the number of jobs that run in parallel.
-#### **--label**=*label*
+#### **\-\-label**=*label*
Add an image *label* (e.g. label=*value*) to the image metadata. Can be used
multiple times.
@@ -369,30 +369,30 @@ capabilities is a subset of the default list.
If the specified capabilities are not in the default set, Podman will
print an error message and will run the container with the default capabilities.
-#### **--layers**
+#### **\-\-layers**
Cache intermediate images during the build process (Default is `true`).
Note: You can also override the default value of layers by setting the
BUILDAH\_LAYERS environment variable. `export BUILDAH_LAYERS=true`
-#### **--logfile**=*filename*
+#### **\-\-logfile**=*filename*
Log output which would be sent to standard output and standard error to the
specified file instead of to standard output and standard error.
-#### **--loglevel**=*number*
+#### **\-\-loglevel**=*number*
Adjust the logging level up or down. Valid option values range from -2 to 3,
with 3 being roughly equivalent to using the global *--debug* option, and
values below 0 omitting even error messages which accompany fatal errors.
-#### **--manifest** "manifest"
+#### **\-\-manifest** "manifest"
Name of the manifest list to which the image will be added. Creates the manifest list
if it does not exist. This option is useful for building multi architecture images.
-#### **--memory**, **-m**=*LIMIT*
+#### **\-\-memory**, **-m**=*LIMIT*
Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes),
m (megabytes), or g (gigabytes))
@@ -403,18 +403,18 @@ not limited. The actual limit may be rounded up to a multiple of the operating
system's page size (the value would be very large, that's millions of
trillions).
-#### **--memory-swap**=*LIMIT*
+#### **\-\-memory-swap**=*LIMIT*
A limit value equal to memory plus swap. Must be used with the **-m**
-(**--memory**) flag. The swap `LIMIT` should always be larger than **-m**
-(**--memory**) value. By default, the swap `LIMIT` will be set to double
+(**\-\-memory**) flag. The swap `LIMIT` should always be larger than **-m**
+(**\-\-memory**) value. By default, the swap `LIMIT` will be set to double
the value of --memory.
The format of `LIMIT` is `<number>[<unit>]`. Unit can be `b` (bytes),
`k` (kilobytes), `m` (megabytes), or `g` (gigabytes). If you don't specify a
unit, `b` is used. Set LIMIT to `-1` to enable unlimited swap.
-#### **--network**=*mode*, **--net**
+#### **\-\-network**=*mode*, **\-\-net**
Sets the configuration for network namespaces when handling `RUN` instructions.
@@ -427,17 +427,17 @@ considered insecure.
- **ns:**_path_: path to a network namespace to join.
- **private**: create a new namespace for the container (default).
-#### **--no-cache**
+#### **\-\-no-cache**
Do not use existing cached images for the container build. Build from the start
with a new set of cached layers.
-#### **--os**=*string*
+#### **\-\-os**=*string*
Set the OS to the provided value instead of the current operating system of the
host.
-#### **--pid**=*pid*
+#### **\-\-pid**=*pid*
Sets the configuration for PID namespaces when handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
@@ -446,13 +446,13 @@ that the PID namespace in which `podman` itself is being run should be reused,
or it can be the path to a PID namespace which is already in use by another
process.
-#### **--platform**="Linux"
+#### **\-\-platform**="Linux"
This option has no effect on the build. Other container engines use this option
to control the execution platform for the build (e.g., Windows, Linux) which is
not required for Buildah as it supports only Linux.
-#### **--pull**
+#### **\-\-pull**
When the option is specified or set to "true", pull the image. Raise an error
if the image could not be pulled, even if the image is present locally.
@@ -461,28 +461,28 @@ If the option is disabled (with *--pull=false*) or not specified, pull the
image from the registry only if the image is not present locally. Raise an
error if the image is not found in the registries and is not present locally.
-#### **--pull-always**
+#### **\-\-pull-always**
Pull the image from the first registry it is found in as listed in
registries.conf. Raise an error if not found in the registries, even if the
image is present locally.
-#### **--pull-never**
+#### **\-\-pull-never**
Do not pull the image from the registry, use only the local version. Raise an
error if the image is not present locally.
-#### **--quiet**, **-q**
+#### **\-\-quiet**, **-q**
Suppress output messages which indicate which instruction is being processed,
and of progress when pulling images from a registry, and when writing the
output image.
-#### **--rm**=*true|false*
+#### **\-\-rm**=*true|false*
Remove intermediate containers after a successful build (default true).
-#### **--runtime**=*path*
+#### **\-\-runtime**=*path*
The *path* to an alternate OCI-compatible runtime, which will be used to run
commands specified by the **RUN** instruction.
@@ -490,7 +490,7 @@ commands specified by the **RUN** instruction.
Note: You can also override the default runtime by setting the BUILDAH\_RUNTIME
environment variable. `export BUILDAH_RUNTIME=/usr/local/bin/runc`
-#### **--security-opt**=*option*
+#### **\-\-security-opt**=*option*
Security Options
@@ -510,7 +510,7 @@ container
- `seccomp=profile.json` : White listed syscalls seccomp Json file to be used
as a seccomp filter
-#### **--shm-size**=*size*
+#### **\-\-shm-size**=*size*
Size of `/dev/shm`. The format is `<number><unit>`. `number` must be greater
than `0`.
@@ -518,40 +518,40 @@ Unit is optional and can be `b` (bytes), `k` (kilobytes), `m`(megabytes), or
`g` (gigabytes). If you omit the unit, the system uses bytes. If you omit the
size entirely, the system uses `64m`.
-#### **--sign-by**=*fingerprint*
+#### **\-\-sign-by**=*fingerprint*
Sign the image using a GPG key with the specified FINGERPRINT. (This option is not available with the remote Podman client)
-#### **--squash**
+#### **\-\-squash**
Squash all of the image's new layers into a single new layer; any preexisting
layers are not squashed.
-#### **--squash-all**
+#### **\-\-squash-all**
Squash all of the new image's layers (including those inherited from a base
image) into a single new layer.
-#### **--stdin**
+#### **\-\-stdin**
Pass stdin into the RUN containers. Sometime commands being RUN within a Containerfile
want to request information from the user. For example apt asking for a confirmation for install.
Use --stdin to be able to interact from the terminal during the build.
-#### **--tag**, **-t**=*imageName*
+#### **\-\-tag**, **-t**=*imageName*
Specifies the name which will be assigned to the resulting image if the build
process completes successfully.
If _imageName_ does not include a registry name, the registry name *localhost*
will be prepended to the image name.
-#### **--target**=*stageName*
+#### **\-\-target**=*stageName*
Set the target build stage to build. When building a Containerfile with
multiple build stages, --target can be used to specify an intermediate build
stage by name as the final stage for the resulting image. Commands after the target stage will be skipped.
-#### **--timestamp** *seconds*
+#### **\-\-timestamp** *seconds*
Set the create timestamp to seconds since epoch to allow for deterministic
builds (defaults to current time). By default, the created timestamp is changed
@@ -562,12 +562,12 @@ specified and therefore not changed, allowing the image's sha256 hash to remain
same. All files committed to the layers of the image will be created with the
timestamp.
-#### **--tls-verify**=*true|false*
+#### **\-\-tls-verify**=*true|false*
Require HTTPS and verify certificates when talking to container registries
(defaults to true). (This option is not available with the remote Podman client)
-#### **--ulimit**=*type*=*soft-limit*[:*hard-limit*]
+#### **\-\-ulimit**=*type*=*soft-limit*[:*hard-limit*]
Specifies resource limits to apply to processes launched when processing `RUN`
instructions. This option can be specified multiple times. Recognized resource
@@ -588,7 +588,7 @@ types include:
"sigpending": maximum number of pending signals (ulimit -i)
"stack": maximum stack size (ulimit -s)
-#### **--userns**=*how*
+#### **\-\-userns**=*how*
Sets the configuration for user namespaces when handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
@@ -597,7 +597,7 @@ the user namespace in which `podman` itself is being run should be reused, or
it can be the path to an user namespace which is already in use by another
process.
-#### **--userns-uid-map**=*mapping*
+#### **\-\-userns-uid-map**=*mapping*
Directly specifies a UID mapping which should be used to set ownership, at the
filesystem level, on the working container's contents.
@@ -618,7 +618,7 @@ If none of --userns-uid-map-user, --userns-gid-map-group, or --userns-uid-map
are specified, but --userns-gid-map is specified, the UID map will be set to
use the same numeric values as the GID map.
-#### **--userns-gid-map**=*mapping*
+#### **\-\-userns-gid-map**=*mapping*
Directly specifies a GID mapping which should be used to set ownership, at the
filesystem level, on the working container's contents.
@@ -639,7 +639,7 @@ If none of --userns-uid-map-user, --userns-gid-map-group, or --userns-gid-map
are specified, but --userns-uid-map is specified, the GID map will be set to
use the same numeric values as the UID map.
-#### **--userns-uid-map-user**=*user*
+#### **\-\-userns-uid-map-user**=*user*
Specifies that a UID mapping which should be used to set ownership, at the
filesystem level, on the working container's contents, can be found in entries
@@ -654,7 +654,7 @@ suitable user name to use as the default setting for this option.
mappings are relative to the rootless usernamespace in the container, rather
than being relative to the host as it would be when run rootful.
-#### **--userns-gid-map-group**=*group*
+#### **\-\-userns-gid-map-group**=*group*
Specifies that a GID mapping which should be used to set ownership, at the
filesystem level, on the working container's contents, can be found in entries
@@ -669,7 +669,7 @@ suitable group name to use as the default setting for this option.
mappings are relative to the rootless usernamespace in the container, rather
than being relative to the host as it would be when run rootful.
-#### **--uts**=*how*
+#### **\-\-uts**=*how*
Sets the configuration for UTS namespaces when the handling `RUN` instructions.
The configured value can be "" (the empty string) or "container" to indicate
@@ -678,11 +678,11 @@ that the UTS namespace in which `podman` itself is being run should be reused,
or it can be the path to a UTS namespace which is already in use by another
process.
-#### **--variant**=""
+#### **\-\-variant**=""
Set the architecture variant of the image to be pulled.
-#### **--volume**, **-v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*]
+#### **\-\-volume**, **-v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*]
Create a bind mount. If you specify, ` -v /HOST-DIR:/CONTAINER-DIR`, Podman
bind mounts `/HOST-DIR` in the host to `/CONTAINER-DIR` in the Podman