Using docker 1.10.2, I’ve experienced the following:
If I pull an image explicitly by digest, then
- the docker daemon verifies the digest
- the digest is subsequently available locally via the “docker inspect” command in the “RepoDigests” field
If I pull by tag (without Content Trust enabled)
- the digest from the manifest is printed to the console
- however, the docker daemon does not verify the digest
- the digest is not available via “docker inspect”
Is there any way to do either or both of:
- force the daemon to verify the digest on pull by tag
- keep the digest available for later inspection?
Thanks!