LinuxCommandLibrary

crane-rebase

Rebase container image tags onto new base

TLDR

Rebase image

$ crane rebase
copy

New base image to insert
$ crane rebase --new_base [image_name]
copy

Old base image to remove
$ crane rebase --old_base [image_name]
copy

Tag to apply to rebased image
$ crane rebase [[-t|--tag]] [tag_name]
copy

Display help
$ crane rebase [[-h|--help]]
copy

SYNOPSIS

crane rebase [OPTIONS] BASE IMAGE

PARAMETERS

-main-name string
    Name of the main layer in multi-platform images (default: main)

-platform string
    Target platform for the base image, e.g. linux/amd64 (default: linux/amd64)

--insecure
    Allow insecure HTTP registries

--source-cert string
    Client cert for source image authentication

--source-key string
    Client key for source image authentication

--registry-mirror-urls strings
    List of registry mirror URLs

DESCRIPTION

The crane rebase command is part of the crane CLI tool, designed for efficient manipulation of OCI container images without full downloads. It rebases a source image onto a new base image by copying the non-empty layers from the source on top of the base, while preserving the original image's configuration and metadata. This is useful for updating base images in multi-stage builds, switching architectures, or minimizing image size by using a slimmer base.

It supports remote registries, local tarballs, and authenticated pulls/pushes. Crane handles platform-specific rebasing, multi-platform manifests, and attestation layers. Ideal for CI/CD pipelines where you need to update vulnerable bases without rebuilding entire images. Performance is optimized with parallel layer fetching and delta uploads.

CAVEATS

Requires compatible layer formats between base and source; may fail on mismatched OS/arch. Does not handle layer compression differences automatically. Large images can consume significant bandwidth/memory.

EXAMPLE

crane rebase alpine:latest myimage:latest newimage:latest
Rebases myimage onto alpine base, tags as newimage.

MULTI-PLATFORM

Use -platform linux/arm64 for cross-architecture rebasing; crane resolves manifests automatically.

HISTORY

Developed by Google Container Tools as part of the crane project (github.com/google/go-containerregistry/crane). First released around 2020, gained popularity with Sigstore/cosign integration for signed images. Actively maintained for OCI 1.0 compliance.

SEE ALSO

crane(1), skopeo(1), docker(1), img(1)

Copied to clipboard