Docker映像摘要如何计算？ [英] How is digest of Docker image calculated?

问题描述

摘要是docker映像的sha256哈希，但是映像实际上不是单个文件，而是一组图层。我以为摘要是Image清单文件上的sha256哈希，但是我已经计算了众多清单文件的sha256哈希，并将结果与​​提供图像的摘要docker进行了比较，它们是diff。那么，sha256哈希表到底是什么来创建图像摘要值？

A digest is the sha256 hash of a docker image, but an image is not really a single file but rather a set of layers. I assumed the digest was the sha256 hash over the Image manifest file, but I have computed the sha256 hash of numerous manifest files and compared the result to the digest docker provide for the image and they are diff. So what exactly is being sha256-hashed to create the Image digest value?

推荐答案

图像摘要是清单主体的摘要，而没有签名内容。确保您在排除它之前将其排除。

Image Digest is the digest of manifest body without the signature content. Make sure you exclude it before caclutae it.

https://docs.docker.com/registry/spec/api/#content-digests

摘要标头

要提供http内容的验证，任何响应都可以包含Docker-Content-Digest标头。这将包括响应中返回的目标实体的摘要。对于Blob，这是整个Blob内容。 对于清单，这是没有签名内容的清单主体，也称为JWS有效负载。请注意，摘要计算中常用的规范化可能取决于内容的媒体类型，例如清单。

DIGEST HEADER

To provide verification of http content, any response may include a Docker-Content-Digest header. This will include the digest of the target entity returned in the response. For blobs, this is the entire blob content. For manifests, this is the manifest body without the signature content, also known as the JWS payload. Note that the commonly used canonicalization for digest calculation may be dependent on the mediatype of the content, such as with manifests.

这篇关于Docker映像摘要如何计算？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！