Open alexlarsson opened 2 years ago
Also, while on this topic, i would also like a way to get the digest of the config without having to do skopeo inspect --config --raw | sha256sum
Thanks for your report.
skopeo inspect returns digest of manifest list, not the resolved manifest
Yes. That skopeo inspect
contains a mix of manifest list data and per-arch data for the current arch is an unfortunate artifact of having to add multi-arch support in a hurry. Sadly we can’t very well change that without risking breaking existing users.
Adding per-arch-digest and config-digest fields to the output is a good idea.
A friendly reminder that this issue had no activity for 30 days.
A friendly reminder that this issue had no activity for 30 days.
Can't get correct digest hash.
$ podman manifest inspect quay.io/fedora/fedora-silverblue:40
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
"manifests": [
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 33153,
"digest": "sha256:36c453c465763adafbe4d1a19fd1837389172fd7cabe356a316bdae3be298150",
"platform": {
"architecture": "amd64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 32907,
"digest": "sha256:7cc3ff1f666c3bfdf6705c0c4c8ab5841ca63336172c0e2a01c1909e7bb2b6eb",
"platform": {
"architecture": "arm64",
"os": "linux"
}
},
{
"mediaType": "application/vnd.oci.image.manifest.v1+json",
"size": 33523,
"digest": "sha256:15edae9d74df1a8acf8b0c9c20db34253b229fc50fdd193ac5787492f2b86525",
"platform": {
"architecture": "ppc64le",
"os": "linux"
}
}
]
}
$ skopeo --override-arch=ppc64le inspect docker://quay.io/fedora/fedora-silverblue:40 --format {{.Digest}}
sha256:e0f8f940fda3fad2ea05d6d5e83d5a7e73b57d5b7f68e67f96e34042401612b4
$ skopeo --override-arch=arm64 inspect docker://quay.io/fedora/fedora-silverblue:40 --format {{.Digest}}
sha256:e0f8f940fda3fad2ea05d6d5e83d5a7e73b57d5b7f68e67f96e34042401612b4
$ skopeo --override-arch=amd64 inspect docker://quay.io/fedora/fedora-silverblue:40 --format {{.Digest}}
sha256:e0f8f940fda3fad2ea05d6d5e83d5a7e73b57d5b7f68e67f96e34042401612b4
$ podman inspect quay.io/fedora/fedora-silverblue:40 | jq '[ .[] | { Digest: .Digest, RepoDigests: .RepoDigests } ]'
[
{
"Digest": "sha256:36c453c465763adafbe4d1a19fd1837389172fd7cabe356a316bdae3be298150",
"RepoDigests": [
"quay.io/fedora/fedora-silverblue@sha256:36c453c465763adafbe4d1a19fd1837389172fd7cabe356a316bdae3be298150",
"quay.io/fedora/fedora-silverblue@sha256:e0f8f940fda3fad2ea05d6d5e83d5a7e73b57d5b7f68e67f96e34042401612b4"
]
}
]
For example, the current
quay.io/centos/centos
points to an image manifest list calledsha256:8301d100...
, which points to an arm64 manifest calledsha256:7723d6b5...
.But, If i run
skopeo --override-arch=arm64 inspect docker://quay.io/centos/centos
it only prints:I expected to get
sha256:7723d6b5...
, either as "Digest" itself, or at least available somewhere. Especially since the other information printed, like the layer digests are clearly from the image specific manifest.