A digest is the sha256 hash of a Docker image, but an image is not really a single file but rather a set of layers. I assumed the digest was the sha256 hash over the image manifest file, but I have computed the sha256 hash of numerous manifest files and compared the result to the digest Docker provides for the image, and they are different. So what exactly is being sha256-hashed to create the image digest value?
The image digest is the digest of the manifest body without the signature content. Make sure you exclude it before calculating it.
https://docs.docker.com/registry/spec/api/#content-digests
DIGEST HEADER
To provide verification of http content, any response may include a Docker-Content-Digest header. This will include the digest of the target entity returned in the response. For blobs, this is the entire blob content. For manifests, this is the manifest body without the signature content, also known as the JWS payload. Note that the commonly used canonicalization for digest calculation may be dependent on the mediatype of the content, such as with manifests.
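The calculation described in the answer, as an added example that is not part of the original answer or Docker's own code: it hashes the exact manifest bytes and, for a signed manifest, first recovers the JWS payload. It assumes the signature block uses the libtrust-style `formatLength` and `formatTail` protected-header fields; the helper names and the sample manifest are constructed for illustration.

```python
import base64
import hashlib
import json


def b64url_decode(text: str) -> bytes:
    # JWS uses unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def content_digest(body: bytes) -> str:
    # Hash the exact bytes served, never a re-serialized copy.
    return "sha256:" + hashlib.sha256(body).hexdigest()


def jws_payload(raw: bytes) -> bytes:
    """Return the manifest body without the signature content."""
    signatures = json.loads(raw).get("signatures")
    if not signatures:
        return raw  # unsigned manifest: the body is already the payload
    protected = json.loads(b64url_decode(signatures[0]["protected"]))
    # Assumed libtrust layout: payload = first formatLength bytes + tail.
    return raw[: protected["formatLength"]] + b64url_decode(protected["formatTail"])


def build_constructed_sample() -> tuple[bytes, bytes]:
    # Constructed data, not a real image manifest or a real signature.
    payload = b'{\n   "name": "example/app",\n   "tag": "latest"\n}'
    cut = len(payload) - 2  # everything before the closing "\n}"
    protected = b64url_encode(json.dumps(
        {"formatLength": cut, "formatTail": b64url_encode(payload[cut:])}
    ).encode())
    block = json.dumps([{"protected": protected, "signature": "constructed"}])
    signed = payload[:cut] + b',\n   "signatures": ' + block.encode() + b"\n}"
    return payload, signed


if __name__ == "__main__":
    payload, signed = build_constructed_sample()
    print("signed file :", content_digest(signed))
    print("JWS payload :", content_digest(jws_payload(signed)))
    reserialized = json.dumps(json.loads(payload)).encode()
    print("reserialized:", content_digest(reserialized))
```

Hashing the file with its signature block, or after a JSON parser has rewritten its whitespace, gives a different value from the payload digest, which is the mismatch described in the question.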