clbx

Reputation: 184

Get digest hash of docker image before downloading

My end goal is to be able to read a hash of a container before and after pulling it from Docker Hub to verify that the image downloaded from Docker Hub is the same image that I now have on my computer. I understand that it sounds redundant, but verification of the remote and local file is important to me in this instance.

I can read the image once it's downloaded by doing docker images --digests, which gives me a hash I can use, but I do not know where I can find something to compare to on Docker Hub.

docker images --digests                                                                            
REPOSITORY                             TAG                       DIGEST                                                                IMAGE ID       CREATED       SIZE
mcr.microsoft.com/dotnet/sdk           3.1.410-nanoserver-1809   sha256:c579393a1cb901b13355e985271c94c35cde0bd49f8640ace97f16f4fa641bac   9cba62e9195e   8 days ago    760MB
mcr.microsoft.com/windows/servercore   ltsc2019-amd64            sha256:ad4ef35c9cfa9d3da0a05bfaa0901e08ee2027ea10d8487490caa9d520c46a8a   5b60ac4e9e92   11 days ago   5.62GB

Upvotes: 0

Views: 1100

Answers (1)

Hans Kilian

Reputation: 25070

You use a tool like skopeo, where you can run a command like this:

skopeo inspect docker://docker.io/alpine:latest

It queries the repository and returns data as JSON. The start of the data for an image includes the digest.

{
    "Name": "docker.io/library/alpine",
    "Digest": "sha256:234cb88d3020898631af0ccbbcca9a66ae7306ecd30c9720690858c1b007d2a0",
    "RepoTags": [
        "2.6",
        "2.7",

If you're feeling adventurous you can also query the registry API yourself. The docs are here: https://docs.docker.com/registry/spec/api/

Upvotes: 1
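The comparison the question asks for, as an added example that is not part of the original question or answer: it takes the "Digest" field from `skopeo inspect` output and checks it against the RepoDigests list from `docker image inspect --format '{{json .RepoDigests}}' IMAGE`, and shows that the digest is the SHA-256 of the manifest bytes. The function names, the local repository name `alpine` and all sample data are assumptions constructed for the example.

```python
import hashlib
import hmac
import json

def manifest_digest(manifest_bytes: bytes) -> str:
    """A registry digest is the SHA-256 of the exact manifest bytes as served."""
    return "sha256:" + hashlib.sha256(manifest_bytes).hexdigest()

def remote_digest(skopeo_json: str) -> str:
    """Extract and sanity-check the "Digest" field of `skopeo inspect` JSON."""
    digest = json.loads(skopeo_json)["Digest"]
    algo, _, hexpart = digest.partition(":")
    if algo != "sha256" or len(hexpart) != 64 or set(hexpart) - set("0123456789abcdef"):
        raise ValueError(f"unexpected digest format: {digest!r}")
    return digest

def local_matches(repo_digests_json: str, repository: str, expected: str) -> bool:
    """True if the local RepoDigests list contains repository@expected.

    `repository` is the name as Docker shows it locally, which can differ
    from the fully qualified name skopeo prints (assumption: caller maps it).
    """
    for entry in json.loads(repo_digests_json):
        repo, _, digest = entry.partition("@")
        if repo == repository and hmac.compare_digest(digest, expected):
            return True
    return False

# Constructed sample data, not real registry output.
SAMPLE_MANIFEST = b'{"schemaVersion":2,"layers":[]}'
SAMPLE_DIGEST = manifest_digest(SAMPLE_MANIFEST)
SAMPLE_SKOPEO = json.dumps({"Name": "docker.io/library/alpine", "Digest": SAMPLE_DIGEST})
SAMPLE_LOCAL = json.dumps(["alpine@" + SAMPLE_DIGEST])

if __name__ == "__main__":
    want = remote_digest(SAMPLE_SKOPEO)
    print("remote digest:", want)
    print("local image matches:", local_matches(SAMPLE_LOCAL, "alpine", want))
    # A single extra byte in the manifest yields a different digest.
    print("tampered matches:",
          local_matches(SAMPLE_LOCAL, "alpine", manifest_digest(SAMPLE_MANIFEST + b"\n")))
```

Comparing by digest rather than by tag matters because a tag such as `latest` can be repointed between the remote query and the pull, while a digest identifies one specific manifest.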
