Automic VaultAutomic Vault

brew

Install manifest-tool with Homebrew, apk, dnf, Nix

Command-line tool to create and query container image manifest list/indexes. Version 2.2.2 via Homebrew; verified 2026-05-06.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install manifest-tool

local Homebrew formula metadata

Linux

Alpine Linux apkverified · 92%
sudo apk add manifest-tool

Alpine Linux edge package indexes · manifest-tool · source: dl-cdn.alpinelinux.org

Fedora dnfverified · 92%
sudo dnf install manifest-tool

Fedora Rawhide package metadata · manifest-tool · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#manifest-tool

nixpkgs package indexes · pkgs/by-name/ma/manifest-tool/package.nix · source: api.github.com

overview

Package summary

Command-line tool to create and query container image manifest list/indexes

Commands and aliases

  • manifest-tool

history

Project history and usage

manifest-tool is a Go command-line utility for inspecting and pushing multi-platform container image manifest lists and OCI image indexes. It helped make multi-architecture container image publishing practical before those workflows were common in mainstream container CLIs.

Project history

The public repository was created in March 2016. The README describes manifest-tool as one of the first command-line tools capable of assembling Docker v2.2 manifest lists, later more commonly known as OCI image indexes.

The project's history section says the codebase began as a joint project with Harshal Patil from IBM Bangalore and was originally forked from registry client code in skopeo, which later became part of the Red Hat container tooling ecosystem. The v2 rewrite removed the original skopeo-derived code, while the old code remained part of v1 releases.

Adoption history

manifest-tool gained relevance during the transition from one-image-per-architecture publishing to a single image reference that can resolve to architecture-specific images. The README notes that Docker's early `docker manifest` command was based on code from manifest-tool through a Docker CLI pull request in early 2018.

The project distributes release binaries for many architectures and also publishes a Docker image, matching the multi-platform audience it serves. By 2026 the repository had hundreds of stars and forks, indicating continued use even after Docker and other container tools added overlapping functionality.

How it is used

Users inspect an image reference with `manifest-tool inspect` to see manifest or index entries and platform support. For publishing, `manifest-tool push` can read a YAML spec or command-line arguments that list platforms, source image templates, target image references, and tags.

For pushing to a registry, the README says credentials can be supplied on the command line, via credential helper support similar to the Docker client, or through an existing Docker client configuration.

Why package nerds care

For package and container infrastructure maintainers, manifest-tool is historically important because it represents the period when multi-arch container images were still being assembled with specialized external tooling. It is also a useful reference point for the evolution from Docker manifest lists to OCI indexes.

Timeline

  • 2016: Public GitHub repository created.
  • 2016: Docker v2.2 manifest lists were the target format described by the project.
  • 2018: Docker CLI manifest work drew on manifest-tool code according to the README.
  • 2025: v2.2.0 release published.
  • 2026: v2.2.2 release published.

Related projects

  • The README names skopeo as the original registry-client lineage for early manifest-tool code.
  • The README points to `mquery` as a related utility for querying public image references.
  • The Docker CLI `docker manifest` command is described by the README as having incorporated much of manifest-tool's original functionality.

security posture

Risk level: orange

broad file, network, media, or database tool signal. infrastructure mutation or orchestration signal.

Risk classifier

orange risk · medium confidence · infrastructure

Why

  • broad file, network, media, or database tool signal
  • infrastructure mutation or orchestration signal

Signals

  • text:container
  • text:image

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
manifest-toolcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version2.2.2
manager updated2026-05-06
local dataok
upstreamcurrent
latest detectedv2.2.2

https://github.com/estesp/manifest-tool

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:manifest-tool
Version2.2.2
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/manifest-tool
Homepagehttps://github.com/estesp/manifest-tool/
Repositoryhttps://github.com/estesp/manifest-tool
Upstream docshttps://github.com/estesp/manifest-tool#readme
LicenseApache-2.0
Source archivehttps://github.com/estesp/manifest-tool/archive/refs/tags/v2.2.2.tar.gz
Last updated2026-05-06T12:33:46Z
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namemanifest-tool
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

manifest-tool

nix profile install nixpkgs#manifest-tool
  • normalized package name match
  • Matched by: Manifest Tool
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ma/manifest-tool/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
apk95%

manifest-tool 2.2.1-r4

tool for inspecting and creating multi-platform container images

https://github.com/estesp/manifest-tool

sudo apk add manifest-tool
  • License: Apache-2.0
  • Architecture: x86_64
  • Source Package: manifest-tool
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Manifest Tool
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: manifest-tool from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
dnf95%

manifest-tool 2.0.8-12.fc44

A command line tool used for creating manifest list objects

https://github.com/estesp/manifest-tool

sudo dnf install manifest-tool
  • License: Apache-2.0
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: manifest-tool
  • 2 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Manifest Tool
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: manifest-tool from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment