on 

Docker Image ID とは

tl;dr

docker image lsdocker run <image id> で指定するイメージ ID は config のダイジェストである。

検証

プルした値の確認

inspect で確認すると、b63c3d5a14ae516d5edaa98abdd502ef3e1387825976894b400cc5e28c05c9f1 がイメージを識別するダイジェストであることがわかる。 このダイジェストでプルすることはできないが RepoDigests の値でプルすることはできる。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95

docker pull amazonlinux:latest

docker image ls
REPOSITORY    TAG       IMAGE ID       CREATED       SIZE
amazonlinux   latest    b63c3d5a14ae   3 weeks ago   194MB

docker image inspect amazonlinux
[
    {
        "Id": "sha256:b63c3d5a14ae516d5edaa98abdd502ef3e1387825976894b400cc5e28c05c9f1",
        "RepoTags": [
            "amazonlinux:latest"
        ],
        "RepoDigests": [
            "amazonlinux@sha256:a8e94ea6c17f7749b1beb0ac2c3245e0b99804190f31e05f68a0fabb5bea1787"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2022-11-17T01:39:26.005295155Z",
        "Container": "f77e96cb9982fa6bea9d9d7f284e180523a3e18ae7a88432566b20e11c88d58b",
        "ContainerConfig": {
            "Hostname": "f77e96cb9982",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "#(nop) ",
                "CMD [\"/bin/bash\"]"
            ],
            "Image": "sha256:552351be5a3430c10b6b79d498677ec3744ed67f448ea046dbaf956ada781d28",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {}
        },
        "DockerVersion": "20.10.17",
        "Author": "",
        "Config": {
            "Hostname": "",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
            ],
            "Cmd": [
                "/bin/bash"
            ],
            "Image": "sha256:552351be5a3430c10b6b79d498677ec3744ed67f448ea046dbaf956ada781d28",
            "Volumes": null,
            "WorkingDir": "",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": null
        },
        "Architecture": "arm64",
        "Variant": "v8",
        "Os": "linux",
        "Size": 193805498,
        "VirtualSize": 193805498,
        "GraphDriver": {
            "Data": {
                "MergedDir": "/var/lib/docker/overlay2/3624ead6a5c89288fe4545cd41eb26f6cae53b710f0c65fd431a2f9d6e9164df/merged",
                "UpperDir": "/var/lib/docker/overlay2/3624ead6a5c89288fe4545cd41eb26f6cae53b710f0c65fd431a2f9d6e9164df/diff",
                "WorkDir": "/var/lib/docker/overlay2/3624ead6a5c89288fe4545cd41eb26f6cae53b710f0c65fd431a2f9d6e9164df/work"
            },
            "Name": "overlay2"
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:ce23ae91386f52494e5f6c9dc0477f0bd4d27ec5906631a68d8f69f130a9b502"
            ]
        },
        "Metadata": {
            "LastTagTime": "0001-01-01T00:00:00Z"
        }
    }
]

1
2

docker pull amazonlinux@sha256:b63c3d5a14ae516d5edaa98abdd502ef3e1387825976894b400cc5e28c05c9f1
Error response from daemon: manifest for amazonlinux@sha256:b63c3d5a14ae516d5edaa98abdd502ef3e1387825976894b400cc5e28c05c9f1 not found: manifest unknown: manifest unknown

1
2
3
4
5

docker pull amazonlinux@sha256:a8e94ea6c17f7749b1beb0ac2c3245e0b99804190f31e05f68a0fabb5bea1787
docker.io/library/amazonlinux@sha256:a8e94ea6c17f7749b1beb0ac2c3245e0b99804190f31e05f68a0fabb5bea1787: Pulling from library/amazonlinux
Digest: sha256:a8e94ea6c17f7749b1beb0ac2c3245e0b99804190f31e05f68a0fabb5bea1787
Status: Image is up to date for amazonlinux@sha256:a8e94ea6c17f7749b1beb0ac2c3245e0b99804190f31e05f68a0fabb5bea1787
docker.io/library/amazonlinux@sha256:a8e94ea6c17f7749b1beb0ac2c3245e0b99804190f31e05f68a0fabb5bea1787

マニフェストの確認

docker manifest inspect -v を実行するとマニフェストを再起的に取得しているので便利である。 確認すると Docker Image ID は Image Config のダイジェストと一致する。

※ 実機が M2 インスタンスなので arm64 と一致する。

なお、RepoDigests の値は Manifest List のハッシュ値となる。 つまり、Docker Image ID に対応する URI を取得する場合、RepoDigests を確認もしくは docker images --digests を実行する。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

docker manifest inspect -v  amazonlinux
[
        {
                "Ref": "docker.io/library/amazonlinux:latest@sha256:0eefa899a816bf75b072f1c002a9a6d620d2cde73983fee2380533571eb99d20",
                "Descriptor": {
                        "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
                        "digest": "sha256:0eefa899a816bf75b072f1c002a9a6d620d2cde73983fee2380533571eb99d20",
                        "size": 529,
                        "platform": {
                                "architecture": "amd64",
                                "os": "linux"
                        }
                },
                "SchemaV2Manifest": {
                        "schemaVersion": 2,
                        "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
                        "config": {
                                "mediaType": "application/vnd.docker.container.image.v1+json",
                                "size": 1478,
                                "digest": "sha256:6e809582795f51280dda491769531ca101af7ce73ff67ec039597b1f000fef8c"
                        },
                        "layers": [
                                {
                                        "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
                                        "size": 62262225,
                                        "digest": "sha256:68028ec3b506bca4d81560b5fcbd408dc7cc49f4b1717a69d5396ff22700f80a"
                                }
                        ]
                }
        },
        {
                "Ref": "docker.io/library/amazonlinux:latest@sha256:6ed3f8651e7e6ae661e3bdac75a80bc532ac90dfae8ce303d866caae3b60b980",
                "Descriptor": {
                        "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
                        "digest": "sha256:6ed3f8651e7e6ae661e3bdac75a80bc532ac90dfae8ce303d866caae3b60b980",
                        "size": 529,
                        "platform": {
                                "architecture": "arm64",
                                "os": "linux",
                                "variant": "v8"
                        }
                },
                "SchemaV2Manifest": {
                        "schemaVersion": 2,
                        "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
                        "config": {
                                "mediaType": "application/vnd.docker.container.image.v1+json",
                                "size": 1493,
                                "digest": "sha256:b63c3d5a14ae516d5edaa98abdd502ef3e1387825976894b400cc5e28c05c9f1"
                        },
                        "layers": [
                                {
                                        "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
                                        "size": 63867424,
                                        "digest": "sha256:4c4d0334d8224869629842fadc7a498ccbda1acc05e7995a0a7283b23fc39c24"
                                }
                        ]
                }
        }
]

1
2
3
4
5
6
7

export TOKEN=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/amazonlinux:pull" | jq -r '.token')

 curl -s -H 'Accept: application/vnd.docker.distribution.manifest.list.v2+json' -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/library/amazonlinux/manifests/latest
{"manifests":[{"digest":"sha256:0eefa899a816bf75b072f1c002a9a6d620d2cde73983fee2380533571eb99d20","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"amd64","os":"linux"},"size":529},{"digest":"sha256:6ed3f8651e7e6ae661e3bdac75a80bc532ac90dfae8ce303d866caae3b60b980","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm64","os":"linux","variant":"v8"},"size":529}],"mediaType":"application\/vnd.docker.distribution.manifest.list.v2+json","schemaVersion":2}

echo -n '{"manifests":[{"digest":"sha256:0eefa899a816bf75b072f1c002a9a6d620d2cde73983fee2380533571eb99d20","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"amd64","os":"linux"},"size":529},{"digest":"sha256:6ed3f8651e7e6ae661e3bdac75a80bc532ac90dfae8ce303d866caae3b60b980","mediaType":"application\/vnd.docker.distribution.manifest.v2+json","platform":{"architecture":"arm64","os":"linux","variant":"v8"},"size":529}],"mediaType":"application\/vnd.docker.distribution.manifest.list.v2+json","schemaVersion":2}' | sha256sum
a8e94ea6c17f7749b1beb0ac2c3245e0b99804190f31e05f68a0fabb5bea1787  -