Digest id and digest tag

General
1

hi
i execute docker pull domoticz/domoticz:stable
and i check the “RepoDigests”

docker image inspect domoticz/domoticz:stable
[
    {
        "Id": "sha256:9d5ce4d3cc8222194dbf41bb15ffa5765565846e9a69dc44b4e03dbd676aeacf",
        "RepoTags": [            "domoticz/domoticz:stable"       ],
        "RepoDigests": [ "domoticz/domoticz@sha256:ffba80df6855a0cdf853f0c020cfb4404797522a03d91c7512254325403327f9"
        ],

i have this id ffba80df6855a0cdf853f0c020cfb4404797522a03d91c7512254325403327f9

when i execute to check the id tags

curl -s https://hub.docker.com/v2/repositories/domoticz/domoticz/tags -H Content-Type: application/json | jq -r .results[]
{
  "creator": 11803294,
  "id": 173067092,
  "images": [
    {
      "architecture": "arm",
      "features": "",
      "variant": "v7",
      "digest": "sha256:0c08596a0336e723f75e5f46496e054b6f127c83eca1e604625824ae31bbc8b1",
      "os": "linux",
      "os_features": "",
      "os_version": null,
      "size": 92948648,
      "status": "active",
      "last_pulled": "2024-09-14T17:04:12.617394Z",
      "last_pushed": "2024-09-14T05:37:34.342772Z"
    },
    {
  ],
  "last_updated": "2024-09-14T05:37:35.139157Z",
  "last_updater": 11803294,
  "last_updater_username": "pa1dvb",
  "name": "latest",
  "repository": 11157507,
  "full_size": 92948648,
  "v2": true,
  "tag_status": "active",
  "tag_last_pulled": "2024-09-14T17:42:47.393984Z",
  "tag_last_pushed": "2024-09-14T05:37:35.139157Z",
  "media_type": "application/vnd.oci.image.index.v1+json",
  "content_type": "image",
  "digest": "sha256:6ce598bcee630df103b3f05063304a6ff32cf692150c05df0dbe78f8ca82648f"

i have this number “digest”: sha256:0c08596a0336e723f75e5f46496e054b6f127c83eca1e604625824ae31bbc8b1 instead sha256:ffba80df6855a0cdf853f0c020cfb4404797522a03d91c7512254325403327f9
i don’t retrieve the id , is it normal ?

2

You are listing tags not reding the tag called “stable”. Of course there are many tags and you can tell by the “name” key, none of those are the stable, since you won’t get all the tags in a single query. Here is the right query

curl -s https://hub.docker.com/v2/repositories/domoticz/domoticz/tags/stable -H 'Content-Type: application/json' | jq -r .diges

Output:

sha256:ffba80df6855a0cdf853f0c020cfb4404797522a03d91c7512254325403327f9

You also compared a tag digest to an image digest for a specific architecture. In your quoted json the digest was actually

sha256:6ce598bcee630df103b3f05063304a6ff32cf692150c05df0dbe78f8ca82648f

and it belonged to the “latest” tag.

3

perfect , thanks you
is it possible to get the RepoDigests in the container ?

4

No, but you can always get the digest before running the container and set it as an environment variable if you need it.

5

i understand , how you put the information in the environment variable . is it when you create the container?

6

Yes. For the exact solution, please check the output of docker run --help and search for “docker env variable” with a search engine. You should find compose as well.

7

My configuration is

	docker pull domoticz/domoticz:stable
	docker build -t domoticz/domoticz:dpkg .

when i check the repodisgest from stable version it’s ok

docker inspect --format="{{index .RepoDigests 0}}" domoticz/domoticz:stable

but the same commande for the domoticz/domoticz:dpkg, and i haven’'t the information and it’s normal

i put manualy this in the docker file to test and i retrieve the variable
ENV tagged=sha256:ffba80df6855a0cdf853f0c020cfb4404797522a03d91c7512254325403327f9

the question is : how can i create automaticly environment variable with the value repodigest from domoticz/domoticz:stable ?

8

I think I undeerstand only a part of what you wrote. Since you built a new image it will have different digest, so why would you add the old digest to the Dockerfile?

and I wrote “yes”. I also shared the command. which gives you the help containing the parameter to pass a variable. There is no automatism since the point of using containers is the isolation. The aplication doesn’t have to know the digest of the image of the isolated environment. If you have a special case, you can write a script that gets the digest from the image before running a container from it and pass the variable to the container in the docker run command or docker compose.

If you share what your goal is, maybe we can suggest a better solution instead of passing the digest.

9

My goal i would to check when the new version of the domoticz/domoticz:stable is published on the docker hub but in my domoticz/domoticz:dpkg container

My idea is to put the sha256 when i create docker build -t domoticz/domoticz:dpkg .
Dockerfile

FROM domoticz/domoticz:stable
RUN apt-get -y update && apt-get install -y --no-install-recommends \
	snmp \
	snmpd 
ENV tagged=sha256:ffba80df6855a0cdf853f0c020cfb4404797522a03d91c7512254325403327f9

this solution is not full automated
infact i don’t know if it’s the best solution

i can create a script to update the variable from the first image

you say
you can write a script that gets the digest from the image before running a container from it and pass the variable to the container in the docker run command or docker compose

in this case i create a script that create a dynamic dockerfile as

tagged=`docker inspect --format="{{index .RepoDigests 0}}" domoticz/domoticz:stable`
# use dynamic Dockerfile:
 {
     echo "blabla"
     echo "ENV tagged=$VAR_VALUE"
   }
10

i add this

cp -f dockerfile.sav dockerfile
echo ENV tagged=$(echo `docker inspect --format="{{index .RepoDigests 0}}" domoticz/domoticz:stable` | cut -f2 -d'@') >> dockerfile
docker build -t domoticz/domoticz:dpkg .

and next i can compare with in the container

curl -s https://hub.docker.com/v2/repositories/domoticz/domoticz/tags/stable -H 'Content-Type: application/json' | jq -r .digest

thanks for your help

11

Sorry, it seems I forgot to reply again. So I don’t understand why you want to add the env variable in the Dockerfile when you can pass it to the docker run command without changing anything in the Dockerfile and building a new image.

I shared the command for more help

Then you would have found docker run -e VAR=value. Compose supports env variables as well. You don’t need to build an image just for adding a variable.

12

it’s the docker service that run the command
In this case , is it in the docker-compose.yml file ?

  domoticz:
    image: domoticz/domoticz:dpkg
    container_name: domoticz
    environment:
      - PGID=1000
      - PUID=1000
      - WWW_PORT=8080 # Specify default HTTP port
      - SSL_PORT=443 # Specify default SSL port
      - TZ=Europe/Paris
13

You already have environment variables in the compose file, so yes, you ca add more. I would try something like this on Linux

IMAGE_DIGEST=$(...)
export IMAGE_DIGEST
docker compose up -d # or docker stack if you used swarm

with a variable definition like this:

  environment:
    # ...
    - IMAGE_DIGEST=${IMAGE_DIGEST}

I don’t use swarm, but I assume it would work with that too.

14

i implemented your solution, it’s a good solution, thank you, it’s solved :smiley:
Now in the container i can compare with sha256 from the hub docker tags