alexlarsson commented 2 years ago

For example, the current quay.io/centos/centos points to an image manifest list called sha256:8301d100..., which points to an arm64 manifest called sha256:7723d6b5....

But, If i run skopeo --override-arch=arm64 inspect docker://quay.io/centos/centos it only prints:

{
    "Name": "quay.io/centos/centos",
    "Digest": "sha256:8301d100...",
...

I expected to get sha256:7723d6b5..., either as "Digest" itself, or at least available somewhere. Especially since the other information printed, like the layer digests are clearly from the image specific manifest.

alexlarsson commented 2 years ago

Also, while on this topic, i would also like a way to get the digest of the config without having to do skopeo inspect --config --raw | sha256sum

mtrmac commented 2 years ago

Thanks for your report.

skopeo inspect returns digest of manifest list, not the resolved manifest

Yes. That skopeo inspect contains a mix of manifest list data and per-arch data for the current arch is an unfortunate artifact of having to add multi-arch support in a hurry. Sadly we can’t very well change that without risking breaking existing users.

Adding per-arch-digest and config-digest fields to the output is a good idea.

mtrmac commented 2 years ago

1555 will at least make the documentation a bit clearer.

github-actions[bot] commented 2 years ago

A friendly reminder that this issue had no activity for 30 days.

github-actions[bot] commented 6 months ago

A friendly reminder that this issue had no activity for 30 days.

queeup commented 1 week ago

Can't get correct digest hash.

$ podman manifest inspect quay.io/fedora/fedora-silverblue:40
{
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
    "manifests": [
        {
            "mediaType": "application/vnd.oci.image.manifest.v1+json",
            "size": 33153,
            "digest": "sha256:36c453c465763adafbe4d1a19fd1837389172fd7cabe356a316bdae3be298150",
            "platform": {
                "architecture": "amd64",
                "os": "linux"
            }
        },
        {
            "mediaType": "application/vnd.oci.image.manifest.v1+json",
            "size": 32907,
            "digest": "sha256:7cc3ff1f666c3bfdf6705c0c4c8ab5841ca63336172c0e2a01c1909e7bb2b6eb",
            "platform": {
                "architecture": "arm64",
                "os": "linux"
            }
        },
        {
            "mediaType": "application/vnd.oci.image.manifest.v1+json",
            "size": 33523,
            "digest": "sha256:15edae9d74df1a8acf8b0c9c20db34253b229fc50fdd193ac5787492f2b86525",
            "platform": {
                "architecture": "ppc64le",
                "os": "linux"
            }
        }
    ]
}

$ skopeo --override-arch=ppc64le inspect  docker://quay.io/fedora/fedora-silverblue:40  --format {{.Digest}}
sha256:e0f8f940fda3fad2ea05d6d5e83d5a7e73b57d5b7f68e67f96e34042401612b4

$ skopeo --override-arch=arm64 inspect  docker://quay.io/fedora/fedora-silverblue:40  --format {{.Digest}}
sha256:e0f8f940fda3fad2ea05d6d5e83d5a7e73b57d5b7f68e67f96e34042401612b4

$ skopeo --override-arch=amd64 inspect  docker://quay.io/fedora/fedora-silverblue:40  --format {{.Digest}}
sha256:e0f8f940fda3fad2ea05d6d5e83d5a7e73b57d5b7f68e67f96e34042401612b4

$ podman inspect quay.io/fedora/fedora-silverblue:40 | jq '[ .[] | { Digest: .Digest, RepoDigests: .RepoDigests } ]'
[
  {
    "Digest": "sha256:36c453c465763adafbe4d1a19fd1837389172fd7cabe356a316bdae3be298150",
    "RepoDigests": [
      "quay.io/fedora/fedora-silverblue@sha256:36c453c465763adafbe4d1a19fd1837389172fd7cabe356a316bdae3be298150",
      "quay.io/fedora/fedora-silverblue@sha256:e0f8f940fda3fad2ea05d6d5e83d5a7e73b57d5b7f68e67f96e34042401612b4"
    ]
  }
]

containers / skopeo

skopeo inspect should provide per-arch manifest digest and config digest values #1554

1555 will at least make the documentation a bit clearer.