Geek Answers Handbook

Where can I find the sha256 code of the docker image?

I would like to pull out the centos, tomcat, ... images using their sha256 code, as in

docker pull myimage@sha256 :0ecb2ad60

but I can not find the sha256 code to use anywhere.

I checked the dockerhub repository for any hint of sha256 code, but could not find any. I downloaded images by their tags

 docker pull tomcat:7-jre8

and checked the image using the docker inspect window to see if there is sha256 code in the metadata, but it is not (adding the sha256 image code will probably change the sha256 code).

Do I need to calculate the sha256 code of the image myself and use it?

+37
source share
7 answers

Just saw:

When I pull out the image, the sha256 code is duplicated at the bottom of the output (Digest: sha ....):

 docker pull tomcat:7-jre8 7-jre8: Pulling from library/tomcat 902b87aaaec9: Already exists 9a61b6b1315e: Already exists ... 4dcef5c50d60: Already exists Digest: sha256:c34ce3c1fcc0c7431e1392cc3abd0dfe2192ffea1898d5250f199d3ac8d8720f Status: Image is up to date for tomcat:7-jre8

This barcode

sha256: c34ce3c1fcc0c7431e1392cc3abd0dfe2192ffea1898d5250f199d3ac8d8720f

can use to pull out image with

docker pull tomcat @ sha256: c34ce3c1fcc0c7431e1392cc3abd0dfe2192ffea1898d5250f199d3ac8d8720f

Thus, you can be sure that the image will not be changed and can be safely used for production.

+14
source

Last answer

Edit suggested by OhJeez in the comments.

 docker inspect --format='{{index .RepoDigests 0}}' $IMAGE

Original answer

I believe you can also get this with

 docker inspect --format='{{.RepoDigests}}' $IMAGE

Works only in Docker 1.9 and if the image was originally extracted by a digest. Details on the docker problems tracker.

+38
source

You can get it with docker images --digests

 REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE docker/ucp-agent 2.1.0 sha256:a428de44a9059f31a59237a5881c2d2cffa93757d99026156e4ea544577ab7f3 583407a61900 3 weeks ago 22.3 MB
+20
source

It should have been an Id field that you could see in the old deprecated Docker Hub API

 GET /v1/repositories/foo/bar/images HTTP/1.1 Host: index.docker.io Accept: application/json Parameters: namespace – the namespace for the repo repo_name – the name for the repo

Answer example:

 HTTP/1.1 200 Vary: Accept Content-Type: application/json [{"id": "9e89cc6f0bc3c38722009fe6857087b486531f9a779a0c17e3ed29dae8f12c4f", "checksum": "b486531f9a779a0c17e3ed29dae8f12c4f9e89cc6f0bc3c38722009fe6857087"}, {"id": "ertwetewtwe38722009fe6857087b486531f9a779a0c1dfddgfgsdgdsgds", "checksum": "34t23f23fc17e3ed29dae8f12c4f9e89cc6f0bsdfgfsdgdsgdsgerwgew"}]

BUT: now it’s not the way it works with the new distribution of dockers .
See question 628: "Get image id with tag name"

The answer /v1/ registry response /repositories/<repo>/tags used to display the image identifier along with the tag descriptor.
/v2/ only seems to give a pen.

It would be useful to get an identifier for comparison with an identifier found locally. The only place I can find the id is in the v1Compat section of the manifest (which is redundant for the information I want)

Current (mid 2015) answer:

This property of the V1 API was very expensive as a way to store images on the backend. Only tag names are listed to avoid secondary searches.
In addition, the V2 API is not related to image identifiers. Rather, it uses digests to identify layers that can be calculated as a property of a layer and independently verified.

+3
source

In addition to the existing answers, you can use --digests at runtime with docker images to get a list of digests for all of your images.

 docker images --digests

You can add grep to deepen the details.

 docker images --digests | grep tomcat
+3
source

Just release docker pull tomcat:7-jre8 again and you will get what you want.

0
source

Newer versions of docker should support this:

 $ docker image inspect --format='{{.ID}}' node:10.9-alpine sha256:df2d34f007a1b8faeff432f21fc0839e135ef567d73aac5bae9f0bcf5007f6ac $ docker -v Docker version 18.06.1-ce, build e68fc7a
0
source

More articles:


All Articles