Feature request: show image IDs/SHAs

[mdub]

It would be really handy if tagfish could show image IDs and/or SHAs related to a tag. Perhaps a --verbose mode?

[diist]

It's trivial with the V1 API, but with V2 I can't seem to get the hash of a given tag in the manifest, see https://github.com/docker/distribution/blob/master/docs/spec/api.md#pulling-an-image-manifest

I'll leave this open because it needs more investigation.

[mdub]

Hmm, I see what you mean about the V2 API. In fact, it looks like there are now 2 V2 manifest formats to contend with:

• https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-1.md
• https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md

For v2-1, can we assume that fslayers[0].blobSum works as an "image id"?

For v2-2, is config.digest the right thing to use?

[diist]

If we can differentiate easily between v2-1 and v2-2, then assuming fslayers[0].blobSum would be fine; that's how it was done before (see a7b3b0e).

However, for v2-2, I don't see config.digest anywhere 😞 You can have a look by yourself against a Registry v2 by doing:

curl -s -u user:password https://registry.something.mydomain.com.au/v2/myorg/myrepo/manifests/mytag | jq .

[diist]

It's in the header! Under Docker-Content-Digest

[diist]

From latest experiments, it looks like the Header's Docker-Content-Digest is not the same thing as the sha returned by docker pull and used in Dockerfiles.

docker inspect is useless too:

$ docker pull hello-world
latest: Pulling from library/hello-world
Digest: sha256:e52be8ffeeb1f374f440893189cd32f44cb166650e7ab185fa7735b7dc48d619

$ docker inspect hello-world | jq '.[0]["Id"]'
"sha256:693bce72514984f01f217e878d143162b5f4c1b83b018e7e6dc7394f055e7cd5"

$ docker inspect hello-world | jq '.[0]["ContainerConfig"]["Image"]'
"sha256:90c0b2441723b5f249063d242af2b0c222f921545efcd0c3c65d979c647b70f7"

$ docker inspect hello-world | jq '.[0]["RootFS"]["Layers"][0]'
"sha256:73136b8e0c4d588d7af58be522344e3cd4d54931a93d9b489d7063e23d30361e"

[diist]

Here's how to get the digest properly:

$ docker pull registry.cowbell.realestate.com.au/cowbell/ubuntu-ruby2.3
Using default tag: latest
latest: Pulling from cowbell/ubuntu-ruby2.3
Digest: sha256:744037ad4ce1ffe7539a4564a166a92afad5a92f8be5b4aeb95d31beedb6bf80
Status: Image is up to date for registry.cowbell.realestate.com.au/cowbell/ubuntu-ruby2.3:latest

$ curl -I -H "Accept: application/vnd.docker.distribution.manifest.v2+json" -u$(get-a-slip) https://registry.cowbell.realestate.com.au/v2/cowbell/ubuntu-ruby2.3/manifests/latest
HTTP/1.1 200 OK
Content-Length: 2812
Content-Type: application/vnd.docker.distribution.manifest.v2+json
Date: Tue, 04 Oct 2016 11:18:48 GMT
Docker-Content-Digest: sha256:744037ad4ce1ffe7539a4564a166a92afad5a92f8be5b4aeb95d31beedb6bf80
Docker-Distribution-Api-Version: registry/2.0
Docker-Distribution-Api-Version: registry/2.0
Etag: "sha256:744037ad4ce1ffe7539a4564a166a92afad5a92f8be5b4aeb95d31beedb6bf80"
Server: openresty
X-Auth-UserId: 822908674847_root
X-Content-Type-Options: nosniff
Connection: keep-alive

The trick was Accept: application/vnd.docker.distribution.manifest.v2+json (see https://docs.docker.com/registry/spec/manifest-v2-2/)