pocker is a resumable OCI image puller written in Rust.
It pulls images directly from registries, resumes interrupted downloads from a local cache, and imports the final image into Docker.
- Resumable layer downloads
- Docker credential helper and
config.jsonauth support - Native Docker Compose image discovery and pull support
- Docker image list, inspect, save, and load commands
- Configurable retry behavior for retryable registry failures
Install the latest prebuilt binary:
curl -fsSL https://github.com/PolarBearEs/pocker/releases/latest/download/install.sh | shTo install a specific release or install somewhere else:
curl -fsSL https://github.com/PolarBearEs/pocker/releases/download/v0.1.6/install.sh | \
POCKER_VERSION=v0.1.6 POCKER_INSTALL_DIR=/usr/local/bin shOr install from source:
cargo install --path .Or build a local release binary:
cargo build --release
./target/release/pocker versionPrebuilt release binaries are published for the targets in the support matrix.
Pull one or more images into Docker:
pocker pull alpine:latest
pocker pull alpine:latest busybox:latestPull a specific platform:
pocker pull --platform linux/arm64 ghcr.io/example/app:latestPull through another pocker cache server:
pocker pull --cache-from http://cache.example:5000 alpine:latestThe cache server sees normalized upstream image paths, so alpine:latest is served
through a path like cache.example:5000/registry-1.docker.io/library/alpine:latest.
By default, cache misses fall back to the upstream registry. To require that all
content comes from the cache server:
pocker pull --cache-from http://cache.example:5000 --cache-only alpine:latestImport through a temporary local registry instead of Docker's archive load API:
pocker pull --load-mode registry ghcr.io/example/app:latestIncrease blob retries on unstable links:
pocker pull --blob-retries 32 ghcr.io/example/app:latestRetry indefinitely on unstable links:
pocker pull --retry-forever ghcr.io/example/app:latestIncrease registry request retries for flaky pre-response failures:
pocker pull --request-retries 16 ghcr.io/example/app:latestPull more than one image at a time:
pocker pull --max-parallel-images 4 alpine:latest busybox:latestPull a private image:
printf '%s' "$REGISTRY_PASSWORD" | \
pocker pull \
--username my-user \
--password-stdin \
ghcr.io/example/private-image:latestInspect images referenced by a Compose project:
pocker compose config --format json
pocker compose config --images
pocker compose config --services
pocker compose config --pull-plan
pocker compose -f docker-compose.prod.yml config --images api workerpocker compose config --format json prints pocker's resolved pull model, not
Docker Compose's full canonical configuration. Build-only services without an
image are listed as skipped because pocker compose pull only pulls registry
images.
Pull Compose service images:
pocker compose pull
pocker compose -f docker-compose.prod.yml pull api worker
pocker compose pull --cache-from http://cache.example:5000Resolve Compose service images and pull more than one unique image at a time:
pocker compose pull --max-parallel-images 4Serve the local pocker cache as an OCI registry-compatible cache:
pocker serve --listen 0.0.0.0:5000By default, pocker serve is cache-only and returns 404 for missing content. To let
the serving instance fetch missing manifests and blobs from upstream registries:
pocker serve --listen 0.0.0.0:5000 --pull-missingDocker image helpers:
pocker cache clean
pocker image ls
pocker image inspect alpine:latest
pocker image save alpine:latest --output alpine.tar
pocker image load --input alpine.tarSee full help:
pocker --help
pocker cache --help
pocker pull --help
pocker serve --help
pocker compose --help
pocker image --help- Docker access uses
DOCKER_HOSTif set, otherwise the platform default socket - Registry auth is reused from Docker config when available
- Use
--cache-dirto override the default local cache location - Use
pocker servewithpocker pull --cache-fromto pull through another pocker cache - Use
pocker cache cleanto wipe and recreate the local cache directory - Use
--blob-retriesto set the retry budget for unstable blob downloads;0disables blob retries - Use
--request-retriesto set the retry budget for request/connect/503-style failures;0disables request retries - Use
--retry-foreverto retry retryable blob downloads and registry requests indefinitely pocker serveis cache-only by default;--pull-missingexplicitly allows upstream registry requests- Upstream auth for
pocker serve --pull-missingis resolved on the serving instance, not forwarded by clients --load-mode registryis experimental and requires the Docker daemon to reach pocker on127.0.0.1; use the defaultstreammode for remote Docker daemons or unsupported environmentspocker composeparses Compose files itself and does not require the Docker Compose CLI- Compose file selection supports default compose file discovery and repeated
-f/--file - Compose image discovery supports service
image,.envinterpolation,include, andextends; build-only services are reported as skipped because there is no registry image to pull pocker compose pull [SERVICE]...pulls only the selected services when service names are provided
| Environment | Status | Notes |
|---|---|---|
| Linux x86_64 + Docker | Supported | Built, unit-tested, and smoke-tested in CI |
| Linux arm64 + Docker | Supported | Built, unit-tested, and smoke-tested in CI |
| Linux armv7 | Build-checked | Built in CI with cargo-zigbuild, but not native runtime-validated |
| macOS arm64 | CI-checked | Built and unit-tested in CI, but not runtime-validated |
| macOS x86_64 | CI-checked | Built and unit-tested in CI, but not runtime-validated |
| Windows x64 | CI-checked | Built and unit-tested in CI with named-pipe Docker support |
| Windows arm64 | CI-checked | Built and unit-tested in CI with named-pipe Docker support |
- Docker image workflows require access to a Docker daemon socket
- Private registry pulls require either
--usernamewith--password-stdinor Docker config-based auth - Plain HTTP registries require
--plain-http - Plain HTTP pocker cache servers can be used with
--cache-from http://host:port