Obtaining a docker image's parent images

Question

Is there a way to obtain the docker parent image tree for a given image? I know docker history IMG_NAME will provide an image id for the current image you're working with but everything else is missing. I've read this was taken out in v1.10 for security concerns but it seems to be a larger concern not being able to verify the tree of images that a final image was created from.

The other other thing I've found is docker save IMG_NAME -o TAR_OUTPUT.tar which will let you view all of the files in each layer but that seems pretty tedious.

How can I be assured that the only things modified in a given image for a piece of software is the installation and configuration of the software itself. It seems that being able to see the changes in the Dockerfiles used to generated each successive image would be an easy way to verify this.

Answer 1

Apart from has been said by chintan thakar, you will have to iterate maybe several times.

An example should clarify this

Suppose you want to dig into an image, and the Dockerfile to create this image starts with

FROM wordpress

so you go to

https://hub.docker.com/_/wordpress/

have a look at the Dockerfile, and you notice that

https://github.com/docker-library/wordpress/blob/0a5405cca8daf0338cf32dc7be26f4df5405cfb6/php5.6/apache/Dockerfile

starts with

FROM php:5.6-apache

so you go to the PHP 5.6 reference at

https://github.com/docker-library/php/blob/eadc27f12cfec58e270f8e37cd1b4ae9abcbb4eb/5.6/apache/Dockerfile

and you find the Dockerfile starts with

FROM debian:jessie

so you go to the Dockerfile of Debian jessie at

https://github.com/debuerreotype/docker-debian-artifacts/blob/af5a0043a929e0c87f7610da93bfe599ac40f29b/jessie/Dockerfile

and notice that this image is built like this

FROM scratch ADD rootfs.tar.xz / CMD ["bash"]

So you will need to do this if you want to see from where all the files come.

If there is a security issue notified, you will also need to do this, in order to know if you are concerned or not.