I am trying to understand the relationship between the image id reported by docker images (or docker inspect ) and the actual layers or images in the registry or manifests (using v2).
I run docker images, I get (abbreviated and modified to protect the not-very-innocent):
REPOSITORY TAG IMAGE ID my.local.registry/some/image latest abcdefg
If I pulled out the manifest for the above image using the API, I get one that contains fsLayers , and not one of them (full) ID for the image. I get this as the image is the sum of the layers.
However, if I pulled this image elsewhere, I get the same ID. If I update the image, click and drag it out, the new version will have a new identifier.
I thought it could be a hash of the manifest. However, (a) pulling the manifest through the API does not return the hash of the manifest in JSON and (b) looks in the registry directory itself, sha256 for this manifest in /var/lib/registry/v2/repositories/some/image/_manifests/tags/latest/current/link (or in) give the correct link for a manifest that has been loaded but does not match the image id.
I assumed that the image identifier matches the blob, but maybe I'm wrong?
source share