为何在Docker映像中报告了docker manifest哈希-摘要与从docker提取的实际manifest哈希不匹配?

时间:2020-05-29 04:05:59

标签: docker docker-registry

我很困惑,试图理解为什么docker pull和docker push之间的sha256清单标签不同。具体示例:

localhost:5000/vault     latest              sha256:c89130e9e494c96f0945235597372b271a991eb7c694f7b42be8d9a23081c1a0   1f50594a34a6        7 days ago          139MB
vault                    latest              sha256:12587718b79dc5aff542c410d0bcb97e7fa08a6b4a8d142c74464a9df0c76d4f   1f50594a34a6        7 days ago          139MB

我怎么来这里

$ docker pull vault:latest
$ docker tag vault:latest localhost:5000/vault:latest
$ docker push localhost:5000/vault:latest

现在,如果我将清单直接从docker hub中拉出

$ export JWT=`curl --silent "https://auth.docker.io/token?scope=repository:library/vault:pull&service=registry.docker.io" | jq -r '.token'`
$ curl  -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -H "Authorization: Bearer $JWT" https://registry-1.docker.io/v2/library/vault/manifests/latest > vault.manifest
$ sha256sum vault.manifest 
c89130e9e494c96f0945235597372b271a991eb7c694f7b42be8d9a23081c1a0  vault.manifest

请注意,这与localhost:5000 / vault:latest的清单哈希匹配,而不是与我期望的vault:latest的哈希匹配。

内容似乎有效(实际文件不会以换行符终止):

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 5223,
      "digest": "sha256:1f50594a34a699528e5c7e867ee3cc342c0975b3dadbdadbbe43722038dad105"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 2795580,
         "digest": "sha256:21c83c5242199776c232920ddb58cfa2a46b17e42ed831ca9001c8dbc532d22d"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 1262,
         "digest": "sha256:d710f8cd918f3e623bba547441f6276ca797982edc8ff912ec243acb479e115d"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 49320835,
         "digest": "sha256:fd8d5779418b3613a0f7653926ab66bba7e55f18e3138b0f40dbb9e8434d377d"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 155,
         "digest": "sha256:a42e38f401891da6072bce13bd68a7ebeb2f41ff52719e0a8f0a9d4055d04250"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 1818,
         "digest": "sha256:95183e98f2b7de854a659d9fba801abcf7ddd350c826ac4f9d1a1283850b3752"
      }
   ]
}

此外,我可以在本地注册表中看到清单,并且与清单相同:

$ docker exec -ti determined_curran sha256sum /var/lib/registry/docker/registry/v2/blobs/sha256/c8/c89130e9e494c96f0945235597372b271a991eb7c694f7b42be8d9a23081c1a0/data
c89130e9e494c96f0945235597372b271a991eb7c694f7b42be8d9a23081c1a0  /var/lib/registry/docker/registry/v2/blobs/sha256/c8/c89130e9e494c96f0945235597372b271a991eb7c694f7b42be8d9a23081c1a0/data

当我从docker hub进行拉取时,sha256:12587718b79dc5aff542c410d0bcb97e7fa08a6b4a8d142c74464a9df0c76d4f是哪里来的?

0 个答案:

没有答案
相关问题
最新问题