docker的小秘密--digests仓库校验码（如何修改digests）

本文主要是介绍docker的小秘密--digests仓库校验码（如何修改digests），希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

docker镜像的下载和上传相信很多同学都非常熟悉，但，其中的一些细节我想可能未必清楚，下面是一个pull镜像示例：

下载的镜像是httpd最新版，其中的第五行说的是确认校验码，这个数据层对应的ID是dcc469，这个是pull的过程，pull结束是这样的：

上图倒数第三行就是仓库校验码 digest了，那么这个digest是多少位的呢？仅仅是64位，不相信的同学可以数数看，哈哈。

经过以上的pull操作，我们已经将httpd这个镜像下载到本地了，我们可以查看一下镜像的详细信息了：

[root@slave2 ~]# docker images --digests
REPOSITORY                                                                     TAG                    DIGEST                                                                    IMAGE ID       CREATED         SIZE
registry.hand-china.com/tools/redis                                            6.2.6-debian-10-r120   <none>                                                                    74f63995c626   4 months ago    95.2MB
httpd                                                                          latest                 sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32   dabbfbe0c57b   6 months ago    144MB
registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller   none                   sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a   435df390f367   16 months ago   279MB
registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller   none                   sha256:3ff0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a   435df390f367   16 months ago   279MB
registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner                   v3.1.0-k8s1.11         <none>                                                                    e47e31bbe424   18 months ago   49.8MB
jettech/kube-webhook-certgen                                                   v1.5.1                 <none>                                                                    a013daf8730d   19 months ago

我的机器里有很多的镜像，刚才下载的httpd镜像有仓库校验码，而最后一个镜像是没有的，那么，现在就有几个问题了，第一，digest到底是什么玩意，第二，它能干什么？第三，可以修改这个digest吗？下面就开始详细介绍 digest

一，什么是digest

根据官网给出的定义是：

使用V2以及V2以上格式的镜像将会有一个叫做digest的内容可寻址标识符。

根据定义来看，这个digest其实就是就是根据镜像内容产生的一个ID，官网上说，只要用于产生这个image的输入不变，那么digest就是可以预测的，换句话说只要镜像的内容不变digest也不会变。而这个digest主要是用在仓库内的。

那么，我们上面 pull httpd这个镜像，其实是可以两种方式pull的，比如，

简单的pull，docker pull httpd 这个时候使用的是阿里云的镜像仓库

带digestpull docker pull httpd@sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32 而这个时候，我们希望是从另一个私有的自己搭建的仓库拉取镜像，不希望这个镜像有一点点的改变，比如自己搭建的harbor私有仓库。当然，私有仓库内的该镜像也必须带有这个digest才可以正确拉取到哦。

二，带校验码拉取镜像可以保证我们拉取的镜像一定是一个正确的可以校验的镜像，保证内容是正确的。这个就是digest的功能。

三，

如何修改digest？

假设已经有一个镜像拉取到本地了，但我们发现它没有digest或者digest不是我们想要的，怎么办呢？

（1）

查看docker的存储路径，也就是查看启动脚本定义的路径

[root@slave1 ~]# cat /etc/systemd/system/docker.service 
[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
After=network-online.target firewalld.service
Wants=network-online.target[Service]
Type=notify
ExecStart=/usr/local/bin/dockerd --graph=/var/lib/docker
ExecReload=/bin/kill -s HUP $MAINPID
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity
TimeoutStartSec=0
Delegate=yes
KillMode=process
Restart=on-failure
StartLimitBurst=3
StartLimitInterval=60s[Install]
WantedBy=multi-user.target

（2）

进入镜像数据层目录，可以看到一个文件，repositories.json

[root@slave1 overlay2]# pwd
/var/lib/docker/image/overlay2
[root@slave1 overlay2]# ll
total 4
drwx------ 4 root root   58 Jun 13 00:10 distribution
drwx------ 4 root root   37 Jun 12 19:54 imagedb
drwx------ 5 root root   45 Jun 13 00:10 layerdb
-rw------- 1 root root 3278 Jun 28 12:09 repositories.json

[root@slave1 overlay2]# cat repositories.json 
{"Repositories":{"httpd":{"httpd:latest":"sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34","httpd@sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32":"sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34"},"jettech/kube-webhook-certgen":{"jettech/kube-webhook-certgen:v1.5.1":"sha256:a013daf8730dbb3908d66f67c57053f09055fddb28fde0b5808cb24c27900dc8","jettech/kube-webhook-certgen@sha256:950833e19ade18cd389d647efb88992a7cc077abedef343fa59e012d376d79b7":"sha256:a013daf8730dbb3908d66f67c57053f09055fddb28fde0b5808cb24c27900dc8"},"quay.io/coreos/flannel":{"quay.io/coreos/flannel:v0.13.0":"sha256:e708f4bb69e310904d564a1e67c3833d6a0428d3cf8dd9b9abba25c7aa0f3dfe"},"registry.cn-hangzhou.aliyuncs.com/google_containers/coredns":{"registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.7.0":"sha256:bfe3a36ebd2528b454be6aebece806db5b40407b833e2af9617bf39afaff8c16"},"registry.cn-hangzhou.aliyuncs.com/google_containers/etcd":{"registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0":"sha256:0369cf4303ffdb467dc219990960a9baa8512a54b0ad9283eaf55bd6c0adb934"},"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy":{"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.19.3":"sha256:cdef7632a242bc23fd6abf4e42b4ea36706d096ccef09cc855d4ad057db822d7","registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy@sha256:1f99b26aad3a90358ad83b4065cf59002b5a913e839b70744caff4a84315a2e7":"sha256:cdef7632a242bc23fd6abf4e42b4ea36706d096ccef09cc855d4ad057db822d7"},"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler":{"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.19.3":"sha256:aaefbfa906bd854407acc3495e8a3b773bb3770e4a36d836f7fd3255c299ab25"},"registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller":{"registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a":"sha256:435df390f3673c475f60eac1ed1c12fd1aea2e8a083927325aa6d5c969c5c8d2"},"registry.cn-hangzhou.aliyuncs.com/google_containers/pause":{"registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2":"sha256:80d28bedfe5dec59da9ebf8e6260224ac9008ab5c11dbbe16ee3ba3e4439ac2c","registry.cn-hangzhou.aliyuncs.com/google_containers/pause@sha256:927d98197ec1141a368550822d18fa1c60bdae27b78b0c004f705f548c07814f":"sha256:80d28bedfe5dec59da9ebf8e6260224ac9008ab5c11dbbe16ee3ba3e4439ac2c"},"registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner":{"registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner:v3.1.0-k8s1.11":"sha256:e47e31bbe424e3df9827b75c68380b5e34d7619ce83ceaea4100bb50d1e0f3d9","registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner@sha256:819e4176025d46637700e0a0711cc048d4171d4e6279be94e91ad53315c26a9d":"sha256:e47e31bbe424e3df9827b75c68380b5e34d7619ce83ceaea4100bb50d1e0f3d9"},"registry.hand-china.com/tools/redis":{"registry.hand-china.com/tools/redis:6.2.6-debian-10-r120":"sha256:74f63995c6262bed440fc5c23d66fbb7bdbd6e906a54f018c01d9fa8a17740b1","registry.hand-china.com/tools/redis@sha256:6a76298b78b9890ddac6010edfbea15545e6a5de20f2710a222cec44900a6e9f":"sha256:74f63995c6262bed440fc5c23d66fbb7bdbd6e906a54f018c01d9fa8a17740b1"}}}[root@slave1 overlay2]

以给jettech/kube-webhook-certgen这个镜像增加digests为例，打开 repositories.json 这个文件，将httpd的digest dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34 替换到两个jettech/kube-webhook-certgen后面的值，然后重启docker服务

[root@slave1 overlay2]# cat repositories.json 
{"Repositories":{"httpd":{"httpd:latest":"sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34","httpd@sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32":"sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34"},"jettech/kube-webhook-certgen":{"jettech/kube-webhook-certgen:v1.5.1":"sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34","jettech/kube-webhook-certgen@sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34":"sha256:a013daf8730dbb3908d66f67c57053f09055fddb28fde0b5808cb24c27900dc8"},"quay.io/coreos/flannel":{"quay.io/coreos/flannel:v0.13.0":"sha256:e708f4bb69e310904d564a1e67c3833d6a0428d3cf8dd9b9abba25c7aa0f3dfe"},"registry.cn-hangzhou.aliyuncs.com/google_containers/coredns":{"registry.cn-hangzhou.aliyuncs.com/google_containers/coredns:1.7.0":"sha256:bfe3a36ebd2528b454be6aebece806db5b40407b833e2af9617bf39afaff8c16"},"registry.cn-hangzhou.aliyuncs.com/google_containers/etcd":{"registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.4.13-0":"sha256:0369cf4303ffdb467dc219990960a9baa8512a54b0ad9283eaf55bd6c0adb934"},"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy":{"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy:v1.19.3":"sha256:cdef7632a242bc23fd6abf4e42b4ea36706d096ccef09cc855d4ad057db822d7","registry.cn-hangzhou.aliyuncs.com/google_containers/kube-proxy@sha256:1f99b26aad3a90358ad83b4065cf59002b5a913e839b70744caff4a84315a2e7":"sha256:cdef7632a242bc23fd6abf4e42b4ea36706d096ccef09cc855d4ad057db822d7"},"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler":{"registry.cn-hangzhou.aliyuncs.com/google_containers/kube-scheduler:v1.19.3":"sha256:aaefbfa906bd854407acc3495e8a3b773bb3770e4a36d836f7fd3255c299ab25"},"registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller":{"registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller@sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a":"sha256:435df390f3673c475f60eac1ed1c12fd1aea2e8a083927325aa6d5c969c5c8d2"},"registry.cn-hangzhou.aliyuncs.com/google_containers/pause":{"registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.2":"sha256:80d28bedfe5dec59da9ebf8e6260224ac9008ab5c11dbbe16ee3ba3e4439ac2c","registry.cn-hangzhou.aliyuncs.com/google_containers/pause@sha256:927d98197ec1141a368550822d18fa1c60bdae27b78b0c004f705f548c07814f":"sha256:80d28bedfe5dec59da9ebf8e6260224ac9008ab5c11dbbe16ee3ba3e4439ac2c"},"registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner":{"registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner:v3.1.0-k8s1.11":"sha256:e47e31bbe424e3df9827b75c68380b5e34d7619ce83ceaea4100bb50d1e0f3d9","registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner@sha256:819e4176025d46637700e0a0711cc048d4171d4e6279be94e91ad53315c26a9d":"sha256:e47e31bbe424e3df9827b75c68380b5e34d7619ce83ceaea4100bb50d1e0f3d9"},"registry.hand-china.com/tools/redis":{"registry.hand-china.com/tools/redis:6.2.6-debian-10-r120":"sha256:74f63995c6262bed440fc5c23d66fbb7bdbd6e906a54f018c01d9fa8a17740b1","registry.hand-china.com/tools/redis@sha256:6a76298b78b9890ddac6010edfbea15545e6a5de20f2710a222cec44900a6e9f":"sha256:74f63995c6262bed440fc5c23d66fbb7bdbd6e906a54f018c01d9fa8a17740b1"}}}

此时查看镜像会发现有两个jettech/kube-webhook-certgen

[root@slave1 overlay2]# docker images --digests
\REPOSITORY                                                                     TAG                    DIGEST                                                                    IMAGE ID            CREATED             SIZE
registry.hand-china.com/tools/redis                                            6.2.6-debian-10-r120   sha256:6a76298b78b9890ddac6010edfbea15545e6a5de20f2710a222cec44900a6e9f   74f63995c626        4 months ago        95.2MB
jettech/kube-webhook-certgen                                                   v1.5.1                 <none>                                                                    dabbfbe0c57b        6 months ago        144MB
httpd                                                                          latest                 sha256:0954cc1af252d824860b2c5dc0a10720af2b7a3d3435581ca788dff8480c7b32   dabbfbe0c57b        6 months ago        144MB
registry.cn-hangzhou.aliyuncs.com/google_containers/nginx-ingress-controller   <none>                 sha256:3dd0fac48073beaca2d67a78c746c7593f9c575168a17139a9955a82c63c4b9a   435df390f367        16 months ago       279MB
registry.cn-shanghai.aliyuncs.com/c7n/nfs-client-provisioner                   v3.1.0-k8s1.11         sha256:819e4176025d46637700e0a0711cc048d4171d4e6279be94e91ad53315c26a9d   e47e31bbe424        18 months ago       49.8MB
jettech/kube-webhook-certgen                                                   <none>                 sha256:dabbfbe0c57b6e5cd4bc089818d3f664acfad496dc741c9a501e72d15e803b34   a013daf

其中一个就是带digest，一个不带的哦，至此，digest修改的任务就算完成了。

这篇关于docker的小秘密--digests仓库校验码（如何修改digests）的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！