Can I get an image digest without downloading the image?

Similar to the question "What's the sha256 code of a Docker image?", I would like to find the digest of a Docker image. I can see the digest when I download an image:

    $ docker pull waisbrot/wait:latest
    latest: Pulling from waisbrot/wait
    Digest: sha256:6f2185daa4ab1711181c30d03f565508e8e978ebd0f263030e7de98deee5f330
    Status: Image is up to date for waisbrot/wait:latest
    $

Another question, "What's the Docker registry v2 API endpoint to get the digest for an image", has an answer suggesting the Docker-Content-Digest header.

I can see that there is a Docker-Content-Digest header when I fetch the manifest for the image:

    $ curl 'https://auth.docker.io/token?service=registry.docker.io&scope=repository:waisbrot/wait:pull' -H "Authorization: Basic ${username_password_base64}"
    # store the resulting token in DT
    $ curl -v https://registry-1.docker.io/v2/waisbrot/wait/manifests/latest -H "Authorization: Bearer $DT" -XHEAD
    *   Trying 52.7.141.30...
    * Connected to registry-1.docker.io (52.7.141.30) port 443 (#0)
    * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    * Server certificate: *.docker.io
    * Server certificate: RapidSSL SHA256 CA - G3
    * Server certificate: GeoTrust Global CA
    > GET /v2/waisbrot/wait/manifests/latest HTTP/1.1
    > Host: registry-1.docker.io
    > User-Agent: curl/7.43.0
    > Accept: */*
    > Authorization: Bearer LtVRw-etc-etc-etc
    >
    < HTTP/1.1 200 OK
    < Content-Length: 4974
    < Content-Type: application/vnd.docker.distribution.manifest.v1+prettyjws
    < Docker-Content-Digest: sha256:128c6e3534b842a2eec139999b8ce8aa9a2af9907e2b9269550809d18cd832a3
    < Docker-Distribution-Api-Version: registry/2.0
    < Etag: "sha256:128c6e3534b842a2eec139999b8ce8aa9a2af9907e2b9269550809d18cd832a3"
    < Date: Wed, 07 Sep 2016 16:37:15 GMT
    < Strict-Transport-Security: max-age=31536000

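However, this header is different. The pull command gets me 6f21 and the header shows 128c. Furthermore, the pull command does not work with that digest: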

    $ docker pull waisbrot/wait@sha256:128c6e3534b842a2eec139999b8ce8aa9a2af9907e2b9269550809d18cd832a3
    Error response from daemon: manifest unknown: manifest unknown

Whereas when I have the correct digest, things work the way I want:

    $ docker pull waisbrot/wait@sha256:6f2185daa4ab1711181c30d03f565508e8e978ebd0f263030e7de98deee5f330    12:46 waisbrot@influenza
    sha256:6f2185daa4ab1711181c30d03f565508e8e978ebd0f263030e7de98deee5f330: Pulling from waisbrot/wait
    Digest: sha256:6f2185daa4ab1711181c30d03f565508e8e978ebd0f263030e7de98deee5f330
    Status: Image is up to date for waisbrot/wait@sha256:6f2185daa4ab1711181c30d03f565508e8e978ebd0f263030e7de98deee5f330

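What I'm looking for is a way to translate the latest tag (which changes all the time) into a fixed digest that I can reliably pull. But I don't want to actually pull it in order to do this translation.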

Try:

    $ curl -H "Accept: application/vnd.docker.distribution.manifest.v2+json" 'https://auth.docker.io/token?service=registry.docker.io&scope=repository:waisbrot/wait:pull' -H "Authorization: Basic ${username_password_base64}"

Background: this forum link discusses the same issue.

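The problem is that the default content type selected by the server is application/vnd.docker.distribution.manifest.v1+prettyjws (a v1 manifest), and you need a v2 manifest. Therefore, you need to set the Accept header to application/vnd.docker.distribution.manifest.v2+json.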

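I realize this question has already been answered, but either I am missing something or the current version of the AWS ECR registry service does not work as expected.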

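When trying to get the digest from AWS ECR using HEAD and trying to switch content types, no digest value is returned that I can use to fetch the image through the registry API.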

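To get this digest, you have to fetch the manifest of the tag you are interested in, then compute the sha256 of the JSON response as-is, including formatting, without the signature part.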

Following ByteFlinger's suggestion, which came without an example, I tried this, and this is how to calculate it:

    $ docker-ls tag -registry https://myregistry.net:5000 spicysomtam/zookeeper:latest
    requesting manifest . done
    repository: spicysomtam/zookeeper
    tagName: latest
    digest: sha256:bd5dd80253171e4dffccbea7c639c90a63d5424aa2d7fe655aea766405c83036
    $ curl -ns -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -X GET https://myregistry.net:5000/v2/spicysomtam/zookeeper/manifests/latest|sha256sum
    bd5dd80253171e4dffccbea7c639c90a63d5424aa2d7fe655aea766405c83036  -
    $ docker images --digests |grep zookeeper
    myregistry.net:5000/spicysomtam/zookeeper   latest   sha256:bd5dd80253171e4dffccbea7c639c90a63d5424aa2d7fe655aea766405c83036   a983e71ca22d   29 hours ago   584MB
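
An added example, not part of any answer above: the "sha256 of the response as-is, without the signature part" rule, run offline over constructed manifests. It assumes that a v1 signed manifest records the unsigned payload's length and closing bytes in the `formatLength` and `formatTail` fields of its JWS protected header; `sign_like_v1` and the sample manifests are hypothetical stand-ins, not registry output.

```python
import base64
import hashlib
import json


def b64url_decode(text: str) -> bytes:
    # JWS base64url omits padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def manifest_digest(raw: bytes) -> str:
    """Digest of the manifest bytes exactly as served, minus any v1 signature block."""
    doc = json.loads(raw)
    if doc.get("schemaVersion") == 1 and doc.get("signatures"):
        # Assumption: the protected header records where the unsigned payload
        # ended (formatLength) and the bytes that closed it (formatTail).
        protected = json.loads(b64url_decode(doc["signatures"][0]["protected"]))
        raw = raw[: protected["formatLength"]] + b64url_decode(protected["formatTail"])
    return "sha256:" + hashlib.sha256(raw).hexdigest()


def sign_like_v1(payload: bytes) -> bytes:
    """Constructed stand-in for a v1+prettyjws wrapping (carries no real signature)."""
    tail = b"\n}"
    cut = len(payload) - len(tail)
    protected = b64url_encode(json.dumps(
        {"formatLength": cut, "formatTail": b64url_encode(tail)}).encode())
    block = json.dumps([{"protected": protected, "signature": "constructed"}])
    return payload[:cut] + b',\n   "signatures": ' + block.encode() + tail


# Constructed sample manifests, not taken from any real repository.
V2_RAW = (b'{\n   "schemaVersion": 2,\n   "mediaType": '
          b'"application/vnd.docker.distribution.manifest.v2+json",\n   "layers": []\n}')
V1_PAYLOAD = b'{\n   "schemaVersion": 1,\n   "name": "example/app",\n   "tag": "latest"\n}'
V1_SIGNED = sign_like_v1(V1_PAYLOAD)

if __name__ == "__main__":
    print("v2 as served:    ", manifest_digest(V2_RAW))
    # Parsing and re-serializing changes the bytes, so the digest no longer matches.
    print("v2 re-serialized:", manifest_digest(json.dumps(json.loads(V2_RAW)).encode()))
    print("v1 signed:       ", manifest_digest(V1_SIGNED))
```

Piping the response through a JSON formatter before hashing produces the mismatch shown by the re-serialized case, which is why the `curl ... | sha256sum` pipeline above hashes the body untouched.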