Docker 历史基础镜像地址:sha256hash [英] Docker History Base Image Add:sha256hash
问题描述
我试图更好地理解 docker history
输出.当我运行 docker history nginx:latest
我得到的输出几乎匹配
参见issue 25925:每个层都存储在(例如)/var/lib/docker/aufs/mnt/
.
所以<代码>添加文件:89ecb642d662ee7edbb868340551106d51336c7e589fdaca4111725ec64da95 代码>将增加在<代码>的/var/lib中/泊坞窗/AUFS到/mnt/89ecb642d662ee7edbb868340551106d51336c7e589fdaca4111725ec64da95 代码>找到的所有文件
(注意:我在Docker 输出中缺少层 ID 中提到了 (nop)
部分a>")
I'm trying to better understand the docker history
output. When I run docker history nginx:latest
I get output that nearly matches the Dockerfile:
/bin/sh -c #(nop) CMD ["nginx" "-g" "daemon off;"]
/bin/sh -c #(nop) EXPOSE 443/tcp 80/tcp/bin/sh -c ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log
/bin/sh -c apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 && echo "deb http://nginx.org/packages/mainline/debian/ jessie nginx" >> /etc/apt/sources.list && apt-get update && apt-get install --no-install-recommends --no-install-suggests -y ca-certificates nginx=${NGINX_VERSION} nginx-module-xslt nginx-module-geoip nginx-module-image-filter nginx-module-perl nginx-module-njs gettext-base && rm -rf /var/lib/apt/lists/*
/bin/sh -c #(nop) ENV NGINX_VERSION=1.11.9-1~jessie
/bin/sh -c #(nop) MAINTAINER NGINX Docker Maintainers "docker-maint@nginx.com"
/bin/sh -c #(nop) CMD ["/bin/bash"]
/bin/sh -c #(nop) ADD file:89ecb642d662ee7edbb868340551106d51336c7e589fdaca4111725ec64da957 in /
with three notable exceptions
- All of the lines start with
/bin/sh -c #(nop)
except for the third line which is theRUN
command in the Dockerfile - no big deal - The commands are in reverse (the last command in the Dockerfile is the first command listed with
docker history
) - also no big deal This one's the kicker - The
FROM debian:jessie
line from the Dockerfile is translated to:ADD file:89ecb642d662ee7edbb868340551106d51336c7e589fdaca4111725ec64da957 in /
CMD ["/bin/bash"]
It took me a little while to realize that the last two commands above (the ADD
and CMD ["/bin/bash"]
lines) were carried over from the base image debian:jessie
. Once I figured that out, I thought to myself, "self, the file:89ec...da957
must be the sha256 hash of the rootfs.tar.xz included as the file system. But no, the sha256 hash of the rootfs.tar.xz is 467328e24c316fd058f086eb8eb77706f3f448ad8886d202e7c9687d30692eca
.
Herein lies my question: Where does the hash listed in docker history
come from? And why is it different than the actual hash of rootfs.tar.xz?
I've thoroughly reviewed much of Docker's documentation, with no luck, including:
- https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/
- https://docs.docker.com/engine/reference/commandline/history/
- https://docs.docker.com/engine/reference/builder/
The hash is consistent across all images that use debian:jessie
as the base image. Even docker history debian:jessie
shows the same hash:
/bin/sh -c #(nop) CMD ["/bin/bash"]
/bin/sh -c #(nop) ADD file:89ecb642d662ee7edbb868340551106d51336c7e589fdaca4111725ec64da957 in /
and I think you might agree, that there is only one file that could possibly have a hash in the debian:jessie
Dockerfile:
FROM scratch
ADD rootfs.tar.xz /
CMD ["/bin/bash"]
If anyone could provide some insight or point me to a resource I have yet to find, it would be much appreciated.
The docker brew debian image is made of intermediate containers, as described in "Understand images, containers, and storage drivers".
See issue 25925: each layer being stored in (for instance) /var/lib/docker/aufs/mnt/
.
So ADD file:89ecb642d662ee7edbb868340551106d51336c7e589fdaca4111725ec64da95
would add all files found in /var/lib/docker/aufs/mnt/89ecb642d662ee7edbb868340551106d51336c7e589fdaca4111725ec64da95
.
(Note: I mentioned the (nop)
part in "Docker missing layer IDs in output")
这篇关于Docker 历史基础镜像地址:sha256hash的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!