Why doesn't hub.docker.com provide a simple way to compare local container and remote repository?

Hello community,

To check if there have been any updates to the container, I want to compare a “local” container with a “remote” repository by some hash value. I want to check before running docker pull.

Please correct me if I am wrong.

I assume that the results of each of the following commands refer to the same thing.

<local>
$ ID=$(docker image list --format "{{.Repository}}:{{.Tag}} {{.ID}}" | grep "dtagdevsec/logstash" | cut -d ' ' -f 2)
$ docker inspect ${ID} | jq '.[]."Id"'
<remote>
$ TOKEN=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:dtagdevsec/logstash:pull" | jq -r '.token')
$ curl -s -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' -H "Authorization: Bearer ${TOKEN}" https://registry-1.docker.io/v2/dtagdevsec/logstash/manifests/sha256:01ae60146d910da0a779d892a9fe08415778ba4ee20d5c94d5a3d7d5ebc5bdc3 | jq '."config"."digest"'

So I believe the following steps can be used to make a comparison.
(The target container running on amd64 architecture.)

  1. Get “Id” of the target container by docker inspect command.
$ ID=$(docker image list --format "{{.Repository}}:{{.Tag}} {{.ID}}" | grep "dtagdevsec/logstash" | cut -d ' ' -f 2)
$ LOCAL=$(docker inspect ${ID} | jq '.[]."Id"')
  1. Use the docker manifest inspect command to get the “digest” with the “architecture” distinction.
$ ARCH_DIGEST=$(docker manifest inspect dtagdevsec/logstash:2204 | jq -r '."manifests"[] | select(."platform"."architecture" == "amd64") | ."digest"')
  1. Get manifests from https://registry-1.docker.io/ with curl command.
$ TOKEN=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:dtagdevsec/logstash:pull" | jq -r '.token')
$ REMOTE=$(curl -s -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/dtagdevsec/logstash/manifests/${ARCH_DIGEST} | jq '."config"."digest"')
  1. Compare the results of step 1 and step 3.
$ echo ${LOCAL}
"sha256:189e56e6806f15ea4e447fd7ccfa902ecdf363de5433bc086c37bdd5f1be2176"
$ echo ${REMOTE}
"sha256:189e56e6806f15ea4e447fd7ccfa902ecdf363de5433bc086c37bdd5f1be2176"

Regards,