Question: how to inspect local image?

[qsLI]

Can we skip pulling from hub，using local image insted？ My image is imported via command docker load -i， and it's not avaliable in registry.

[dunklesToast]

For me it simply worked by using dive 482ca299fbe2. You can just put the image id or name / tag in there. Fetching image does not mean it's being pulled from Docker Hub, it's just fetching the image from the Docker Daemon as far as I understood.

[indera-shsp]

Does inspecting a local image create large temporary files? and where are they stored?

[abitrolly]

@indera-shsp at least for podman inspecting uses podman image save which streams image in .tar format to stdout.

https://github.com/wagoodman/dive/blob/c7d121b3d72aeaded26d5731819afaf49b686df6/dive/image/podman/resolver_linux.go#L36

Then the image is parsed on the fly.

https://github.com/wagoodman/dive/blob/c7d121b3d72aeaded26d5731819afaf49b686df6/dive/image/docker/image_archive.go#L23

[oskar-gmerek]

I have similar problem.

dive fbbae5f27e2a
Image Source: docker://fbbae5f27e2a
Fetching image... (this can take a while for large images)
Handler not available locally. Trying to pull 'fbbae5f27e2a'...
Using default tag: latest
Error response from daemon: failed to resolve reference "docker.io/library/fbbae5f27e2a:latest": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
cannot fetch image
exit status 1

This is local image, not available on hub. In above example I trying to dive via image id, but I also tried with image tag and get the same output.

[fedulovivan]

Still not possible to dive into local image neither by its name, nor by id. dive 40bea9d7fd53 gives cannot fetch image docker inspect 40bea9d7fd53 succeeds!

Workaround is wrappring into script like:

IMAGE_NAME="${1}"
TMP_FILE=/tmp/dive-tmp-image.tar
docker save "$IMAGE_NAME" > $TMP_FILE && dive $TMP_FILE --source=docker-archive && rm $TMP_FILE

[yehudamakarov]

this definitely used to work for me (way after this issue was opened), i thought i was crazy and i see everyone else can't dive b2b32512c2cf i'm using docker desktop and maybe dive is trying to use the default context?

dive b2b32512c2cf
Image Source: docker://b2b32512c2cf
Fetching image... (this can take a while for large images)
Handler not available locally. Trying to pull 'b2b32512c2cf'...
Using default tag: latest
Error response from daemon: pull access denied for b2b32512c2cf, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
cannot fetch image
exit status 1

[mark2185]

@yehudamakarov could you try building the branch fix/docker-context from source and test it out to see if it helps?

Just running go run main.go b2b32512c2cf should work.

[cdepillabout]

I had the same question of how to inspect a local docker image in a tarball.

The docker image I am working with is built by nix using dockerTools, so it is a gzipped tarball.

I was able to easily inspect it with dive like the following:

$ nix-build ... # build the docker image
...
/nix/store/q9hl1xlcyglqlc4jp0yzm7riajjymmrg-my-docker-image.tar.gz
$ dive --source docker-archive <(gunzip -c /nix/store/q9hl1xlcyglqlc4jp0yzm7riajjymmrg-my-docker-image.tar.gz)

This uses gunzip to unzip the tarball on the fly, and pass the unzipped tarball to dive.

[iamludal]

Same as @yehudamakarov, it used to work for me, but it does not anymore. I tried @mark2185's solution, but it does not seem to work either:

cannot fetch image
could not find image config
exit status 1

EDIT : I was running version 0.11.0, and upgrading to 0.12.0 seemed to solve the problem.

[mikejwhat]

this is annoying

[3manuek]

I upgraded to version 0.12.0 on Darwin and it works for me now.

[yehudamakarov]

i've been noticing it has been working for me not sure what the difference is. i was on 0.11.0

[parallaxe]

Still having this issue on macOS 14.3. Updated dive to 0.12 and Docker Desktop to 4.30.0. Didn't help. Any more ideas?

Image Source: docker://1717b97bca46
Fetching image... (this can take a while for large images)
Handler not available locally. Trying to pull '1717b97bca46'...
Using default tag: latest
Error response from daemon: pull access denied for 1717b97bca46, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
cannot fetch image
exit status 1

[orensbruli]

+1

[sourcecodemage]

I get a different error using :

• homebrew
• Macbook M1
• macOS 14.5
• dive 0.12.0
• Docker Desktop

dive eea501fd5002 Image Source: docker://eea501fd5002 Fetching image... (this can take a while for large images) cannot fetch image could not find 'blobs/sha256/30925498a597bd44ffd2e5cf104fa3e4d62284f466e5294dc2aa199c1e6b7fae' in parsed layers

[andreish]

dive version dive 0.12.0

not working :

dive 3d3ce4619eab  --source=docker 
Image Source: docker://3d3ce4619eab
Fetching image... (this can take a while for large images)
Handler not available locally. Trying to pull '3d3ce4619eab'...
Using default tag: latest
Error response from daemon: pull access denied for 3d3ce4619eab, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
cannot fetch image

docker version 
Client: Docker Engine - Community
 Version:           27.3.1

docker inspect works:

docker inspect 3d3ce4619eab | head -n 10
[
    {
        "Id": "3d3ce4619eab5e76267b67cf344623891ac0e191d5d943b01242b97260519fba",
        "Created": "2024-09-25T21:08:07.43788861Z",
        "Path": "/entrypoint.sh",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false

[abitrolly]

@andreish need to ensure that your shell and dive are using the same docker daemon with the same environment variables. I would start to put more print statements around here https://github.com/wagoodman/dive/blob/925cdd86482edec42185794620a1e616b79bbee5/dive/image/docker/engine_resolver.go#L89

[stringang]

dive version dive 0.12.0

working normally

dive 131f24102f9ebc5fb2e4b024f97 --source=docker

[djamaile]

Have the same issue, can confirm that @fedulovivan script works. You can just wrap it into a function

function dive_local
    set IMAGE_NAME $argv[1]

    if test -z "$IMAGE_NAME"
        echo "Usage: dive_local_image <image_name_or_id>"
        return 1
    end

    set TMP_FILE (mktemp /tmp/dive-tmp-image.XXXXXX.tar)
    docker save "$IMAGE_NAME" > "$TMP_FILE"
    if test $status -eq 0
        dive "$TMP_FILE" --source=docker-archive
        rm "$TMP_FILE"
    else
        echo "Failed to save Docker image."
        rm "$TMP_FILE"
        return 1
    end
end

dive_local <image-id>

[ondrovic]

Having a similar issue when trying to inspect local images using docker desktop on windows

Image Source: docker://bccad7447e2a
Fetching image... (this can take a while for large images)
cannot fetch image
could not find 'blobs/sha256/e9e6580aad05144f1c93d072d5ee99b65ba05edbbc6cc3b3dc02d8ba24a2ac99' in parsed layers

Info

docker info
Client:
 Version:    27.2.0
 Context:    desktop-linux
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.16.2-desktop.1
    Path:     C:\Program Files\Docker\cli-plugins\docker-buildx.exe
  compose: Docker Compose (Docker Inc.)
    Version:  v2.29.2-desktop.2
    Path:     C:\Program Files\Docker\cli-plugins\docker-compose.exe
  debug: Get a shell into any image or container (Docker Inc.)
    Version:  0.0.34
    Path:     C:\Program Files\Docker\cli-plugins\docker-debug.exe
  desktop: Docker Desktop commands (Alpha) (Docker Inc.)
    Version:  v0.0.15
    Path:     C:\Program Files\Docker\cli-plugins\docker-desktop.exe
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.2
    Path:     C:\Program Files\Docker\cli-plugins\docker-dev.exe
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.25
    Path:     C:\Program Files\Docker\cli-plugins\docker-extension.exe
  feedback: Provide feedback, right in your terminal! (Docker Inc.)
    Version:  v1.0.5
    Path:     C:\Program Files\Docker\cli-plugins\docker-feedback.exe
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.3.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-init.exe
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-sbom.exe
  scout: Docker Scout (Docker Inc.)
    Version:  v1.13.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-scout.exe

Server:
 Containers: 6
  Running: 6
  Paused: 0
  Stopped: 0
 Images: 11
 Server Version: 27.2.0
 Storage Driver: overlayfs
  driver-type: io.containerd.snapshotter.v1
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 nvidia runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 8fc6bcff51318944179630522a095cc9dbf9f353
 runc version: v1.1.13-0-g58aa920
 init version: de40ad0
 Security Options:
  seccomp
   Profile: unconfined
 Kernel Version: 5.15.153.1-microsoft-standard-WSL2
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 32
 Total Memory: 31.29GiB
 Name: docker-desktop
 ID: 64560818-ff19-4724-9534-7083b61a9b57
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Labels:
  com.docker.desktop.address=npipe://\\.\pipe\docker_cli
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

Built using

 docker build --no-cache -t <img name> .

 # also tried
 dive build -t <img name> .
Image Source: docker://
Fetching image... (this can take a while for large images)
Handler not available locally. Trying to pull ''...
"docker pull" requires exactly 1 argument.
See 'docker pull --help'.

Usage:  docker pull [OPTIONS] NAME[:TAG|@DIGEST]

Download an image from a registry
cannot fetch image
exit status 1

Tried using --source the following ways

 desktop-linux
 docker-desktop
 docker

Sadly they all failed

[abitrolly]

@ondrovic

I know this used to work

Can you prove it?

[ondrovic]

@ondrovic

I know this used to work

Can you prove it?

No as a matter of fact, based on your question I spent the last 15 mins trying every version since release and can no confirm without a doubt that it never worked :-D

[abitrolly]

@ondrovic then it is useless for the sake of this discussion. There are old versions that you can try, but if might have used local name instead of hash. It could be the case that Docker changed the protocol, but without proof that it worked, your issue report is useless. It doesn't specify the version of dive used, the image, and doesn't show that you've read the thread and tried workarounds. I am just trying to explain the downvote without giving one myself. )

In any case, the project doesn't have any funding and is not maintained. I guess the only way a new releases are made is when problem is escalated with some corporation and they give @wagoodman money to spend time on fixing it.

[GeorgeAndreiBals]

On dive 0.12.0 I can inspect a local image just fine with dive <image tag>

[loretoparisi]

image

Uhm using

% dive --version            
dive 0.12.0

when running dive image tag I get

accepts at most 1 arg(s), received 2

[loretoparisi]

the only solution worked was the script by @fedulovivan Here I have added optional deletion to speed up further inspection

#!/bin/bash

IMAGE_NAME="${1}"
DELETE_FILE="${2}"  # yes | no

# Check if the image file exists
if [ -f "$TMP_FILE" ]; then
    echo "Image file $TMP_FILE already exists. Skipping docker save."
else
    docker save "$IMAGE_NAME" > $TMP_FILE
fi

# Run dive on the image file
dive $TMP_FILE --source=docker-archive

# Check if the user wants to delete the file
if [ "$DELETE_FILE" == "yes" ]; then
    echo "Deleting the temporary file $TMP_FILE."
    rm $TMP_FILE
else
    echo "Keeping the temporary file $TMP_FILE."
fi

./divelocal image
./divelocal image
./divelocal image yes

[DeanAyalon]

image

Uhm using

% dive --version            
dive 0.12.0

when running dive image tag I get

accepts at most 1 arg(s), received 2

You're doing image tag instead of image:tag, is that intentional?

[lloeki]

One-liner without temporary files:

dive <(docker save your/image:tag) --source=docker-archive

Those that say "works for me" are probably running dive on the same Linux machine (including being a VM) as the Docker storage. On macOS it goes through a Linux VM, so falls back to pulling:

Handler not available locally. Trying to pull 'wh4t3v3r'

Which will fail:

• loudly if the image is local-only (not published) or behind authentication (when unauthenticated).
• silently if the image with the same name is pushed (it'll pull that version instead of the local one, which may differ, which means you'll be looking at the wrong thing)

Probably, as a sane default, when unable to get to the local storage it should:

1. fall back to trying to read from docker save as above instead
2. if (and only if) the image/tag is not present locally, attempt to pull and do 1.