Menu
This has been surprisingly confusing for me. I thought Docker's Image ID is its SHA256 hash. However, apparently the result from docker image ls --digests (listed under the column header DIGEST) is different from the IMAGE ID of that image.
For example
docker image ls --digests alpine REPOSITORY TAG DIGEST IMAGE ID CREATED SIZE alpine latest sha256:769fddc7cc2f0a1c35abb2f91432e8beecf83916c421420e6a6da9f8975464b6 055936d39205 2 weeks ago 5.53MB while
docker image ls --no-trunc REPOSITORY TAG IMAGE ID CREATED SIZE ... alpine latest sha256:055936d3920576da37aa9bc460d70c5f212028bda1c08c0879aedf03d7a66ea1 2 weeks ago 5.53MB Clearly sha256:055936d3920576da37aa9bc460d70c5f212028bda1c08c0879aedf03d7a66ea1 (IMAGE ID) and sha256:769fddc7cc2f0a1c35abb2f91432e8beecf83916c421420e6a6da9f8975464b6 (DIGEST) are not the same value. But why? What's the purpose of having two different sha256 hashes of the same image. How are they calculated, respectively?
I was confused by this when reading the book Docker Deep Dive, and I haven't been able to find a clear answer either in the book or online.
637
Pulling an image using name@sha256:digest A digest is an id that is automatically created during build time and cannot be changed (immutable).
A Docker image's ID is a digest, which contains an SHA256 hash of the image's JSON configuration object. Docker creates intermediate images during a local image build, for the purposes of maintaining a build cache. An image manifest is created and pushed to a Docker registry when an image is pushed.
Like IMAGE ID, CONTAINER ID is the true identifier for the container. It has the same form, but it identifies a different kind of object. docker ps only outputs running containers. You can view all containers (running or stopped) with docker ps -a.
Thanks for michalk's comment. The short answer is:
91
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
