
@cirocosta
Created November 26, 2017 12:30
Retrieves the configuration of images pushed to Docker registries - see https://ops.tips/blog/inspecting-docker-image-without-pull/ for more information
#!/bin/bash
# Retrieves image configuration using
# private registries without authentication
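# Abort on the first failing command, and make a pipeline fail when any of
# its stages fails: without pipefail a failed `curl` is hidden behind the
# exit status of the `jq` it feeds.
set -o errexit
set -o pipefail

# Address (host[:port]) of the registry that the inspections run against.
# It must be configured here because the <image> and <tag> arguments do not
# carry it: the address only appears in the request URLs.
# Can be overridden through the environment; defaults to a local registry.
# NOTE(review): the requests in this script use plain http://, so the
# registry's answers are neither authenticated nor protected in transit.
# That is reasonable for a loopback registry; confirm before pointing
# REGISTRY_ADDRESS at a remote host.
readonly REGISTRY_ADDRESS="${REGISTRY_ADDRESS:-localhost:5000}"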
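# Entry point: resolves <image>:<tag> to the digest of its configuration
# blob, then prints that image's container configuration.
#
# Arguments: $1 - image (repository) name
#            $2 - tag
# Returns:   non-zero when the digest lookup fails or yields no usable
#            digest; otherwise the status of get_image_configuration
main() {
  check_args "$@"

  local image=$1
  local tag=$2
  local digest
  # Shape of a content digest: <algorithm>:<encoded>.
  local -r digest_re='^[a-z0-9]+([+._-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$'

  # Declared separately from the assignment: `local x=$(cmd)` always
  # returns 0 and would hide a failure of get_digest.
  digest=$(get_digest "$image" "$tag") || return 1

  # The digest is taken from the registry's response and is placed into
  # the next request URL. Reject anything that is not digest-shaped
  # (empty output, jq's literal `null`, or unexpected characters) instead
  # of requesting a nonsensical blob path.
  if [[ ! $digest =~ $digest_re ]]; then
    printf 'Error: no usable config digest for %s:%s (got: %s)\n' \
      "$image" "$tag" "$digest" >&2
    return 1
  fi

  get_image_configuration "$image" "$digest"
}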
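# Makes sure that exactly two arguments (<image> and <tag>) were supplied
# on the command line.
#
# Arguments: the script's own arguments ("$@")
# Outputs:   a usage message on stderr when the count is wrong
# Exits:     with status 1 when the count is wrong
check_args() {
  if (($# != 2)); then
    # Diagnostics belong on stderr so that they never end up in output
    # that a caller is piping into another tool.
    printf 'Error:\nTwo arguments must be provided - %d provided.\nUsage:\n./get-image-config.sh <image> <tag>\nAborting.\n' \
      "$#" >&2
    exit 1
  fi
}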
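# Retrieves the digest of the image configuration blob that the manifest
# of <image>:<tag> points to (the manifest's `.config.digest` field).
#
# Globals:   REGISTRY_ADDRESS (read)
# Arguments: $1 - image (repository) name
#            $2 - tag
# Outputs:   the digest on stdout (jq prints `null` when the field is
#            absent); a progress message on stderr
get_digest() {
  local image=$1
  local tag=$2

  printf 'Retrieving image digest.\nIMAGE: %s\nTAG: %s\n\n' \
    "$image" "$tag" >&2

  # The registry address must be expanded (`$REGISTRY_ADDRESS`); written
  # without the `$` the request goes to a host literally named
  # "REGISTRY_ADDRESS".
  # --fail/--show-error: report HTTP errors instead of silently handing
  # an error document to jq.
  # NOTE(review): plain http:// - the manifest is not protected against
  # tampering in transit; fine for a loopback registry only.
  curl \
    --silent \
    --show-error \
    --fail \
    --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
    "http://${REGISTRY_ADDRESS}/v2/${image}/manifests/${tag}" |
    jq -r '.config.digest'
}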
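# Retrieves the image configuration blob identified by a digest and
# prints its `.container_config` field.
#
# Globals:   REGISTRY_ADDRESS (read)
# Arguments: $1 - image (repository) name
#            $2 - digest of the configuration blob
# Outputs:   the container configuration (JSON) on stdout; a progress
#            message on stderr
get_image_configuration() {
  local image=$1
  local digest=$2

  printf 'Retrieving Image Configuration.\nIMAGE: %s\nDIGEST: %s\n\n' \
    "$image" "$digest" >&2

  # The registry address must be expanded (`$REGISTRY_ADDRESS`); written
  # without the `$` the request goes to a host literally named
  # "REGISTRY_ADDRESS".
  # --location: follow the redirect a registry may answer a blob request
  # with. --fail/--show-error: surface HTTP errors instead of piping an
  # error document into jq.
  curl \
    --silent \
    --show-error \
    --fail \
    --location \
    "http://${REGISTRY_ADDRESS}/v2/${image}/blobs/${digest}" |
    jq -r '.container_config'
}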
# Run the script: hand the command-line arguments to main unchanged.
main "$@"
#!/bin/bash
# Retrieves image configuration from
# old images pushed to DockerHub
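# Abort on the first failing command, and make a pipeline fail when any of
# its stages fails: without pipefail a failed `curl` is hidden behind the
# exit status of the `jq` it feeds.
set -o errexit
set -o pipefail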
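# Entry point: obtains a pull token for <image>, fetches the manifest of
# <image>:<tag> and prints the container configuration embedded in it.
#
# Arguments: $1 - image (repository) name
#            $2 - tag
# Returns:   non-zero when the token or the manifest cannot be retrieved;
#            otherwise the status of get_image_configuration
main() {
  check_args "$@"

  local image=$1
  local tag=$2
  local token old_config

  # Declared separately from the assignments: `local x=$(cmd)` always
  # returns 0 and would hide a failing helper.
  token=$(get_token "$image") || return 1

  # jq prints the literal `null` when the response has no .token field;
  # stop here rather than sending "Bearer null" to the registry.
  if [[ -z $token || $token == null ]]; then
    printf 'Error: no token received for %s\n' "$image" >&2
    return 1
  fi

  old_config=$(get_old_config "$image" "$tag" "$token") || return 1
  get_image_configuration "$old_config"
}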
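# Extracts the container configuration from a manifest document.
#
# The first jq call prints `.history[0].v1Compatibility` as raw text; the
# second call parses that text as JSON again and selects
# `.container_config` from it.
#
# Arguments: $1 - manifest document (JSON text)
# Outputs:   the container configuration (JSON) on stdout
get_image_configuration() {
  local old_config=$1

  # printf rather than echo: the document comes from a remote registry,
  # and echo would treat a value such as `-n` as an option.
  printf '%s\n' "$old_config" |
    jq -r '.history[0].v1Compatibility' |
    jq '.container_config'
}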
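# Requests a token with pull scope for <image> from the Docker Hub
# authentication service.
#
# Arguments: $1 - image (repository) name, e.g. library/nginx
# Outputs:   the `.token` field of the response on stdout (jq prints
#            `null` when it is absent); a progress message on stderr
get_token() {
  local image=$1

  printf 'Retrieving Docker Hub token.\nIMAGE: %s\n\n' "$image" >&2

  # --fail/--show-error: report an HTTP error instead of silently piping
  # an error document into jq, which would turn it into the token `null`.
  curl \
    --silent \
    --show-error \
    --fail \
    "https://auth.docker.io/token?scope=repository:${image}:pull&service=registry.docker.io" |
    jq -r '.token'
}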
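# Fetches the manifest of <image>:<tag> from Docker Hub, authenticating
# with a bearer token, and prints the whole document.
#
# Arguments: $1 - image (repository) name
#            $2 - tag
#            $3 - bearer token
# Outputs:   the manifest (JSON, formatted by jq) on stdout; a progress
#            message on stderr
get_old_config() {
  local image=$1
  local tag=$2
  local token=$3

  # The token is a credential: it is deliberately not written to the
  # progress message, which typically ends up in terminal scrollback or
  # CI logs.
  printf 'Retrieving image digest.\nIMAGE: %s\nTAG: %s\nTOKEN: [redacted]\n\n' \
    "$image" "$tag" >&2

  # NOTE(review): the token is still passed on curl's command line, so it
  # is visible in the local process list while the request runs.
  # --fail/--show-error: report HTTP errors instead of piping an error
  # document into jq.
  curl \
    --silent \
    --show-error \
    --fail \
    --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
    --header "Authorization: Bearer ${token}" \
    "https://registry-1.docker.io/v2/${image}/manifests/${tag}" |
    jq -r '.'
}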
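# Verifies that exactly two arguments (<image> and <tag>) were supplied.
#
# Arguments: the script's own arguments ("$@")
# Outputs:   a usage message on stderr when the count is wrong
# Exits:     with status 1 when the count is wrong
check_args() {
  if (($# != 2)); then
    # Diagnostics go to stderr so they cannot be mistaken for the JSON
    # this script prints on stdout.
    printf 'Error:\nTwo arguments must be provided - %d provided.\nUsage:\n./get-image-config.sh <image> <tag>\nAborting.\n' \
      "$#" >&2
    exit 1
  fi
}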
# Run the script: hand the command-line arguments to main unchanged.
main "$@"
#!/bin/bash
# Retrieves image configuration from public
# images in DockerHub
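# Abort on the first failing command, and make a pipeline fail when any of
# its stages fails: without pipefail a failed `curl` is hidden behind the
# exit status of the `jq` it feeds.
set -o errexit
set -o pipefail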
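# Entry point: obtains a pull token for <image>, resolves <image>:<tag>
# to the digest of its configuration blob, then prints that image's
# container configuration.
#
# Arguments: $1 - image (repository) name
#            $2 - tag
# Returns:   non-zero when the token or digest lookup fails or yields no
#            usable value; otherwise the status of get_image_configuration
main() {
  check_args "$@"

  local image=$1
  local tag=$2
  local token digest
  # Shape of a content digest: <algorithm>:<encoded>.
  local -r digest_re='^[a-z0-9]+([+._-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$'

  # Declared separately from the assignments: `local x=$(cmd)` always
  # returns 0 and would hide a failing helper.
  token=$(get_token "$image") || return 1

  # jq prints the literal `null` when the response has no .token field;
  # stop here rather than sending "Bearer null" to the registry.
  if [[ -z $token || $token == null ]]; then
    printf 'Error: no token received for %s\n' "$image" >&2
    return 1
  fi

  digest=$(get_digest "$image" "$tag" "$token") || return 1

  # The digest is taken from the registry's response and is placed into
  # the next request URL; accept it only when it is digest-shaped.
  if [[ ! $digest =~ $digest_re ]]; then
    printf 'Error: no usable config digest for %s:%s (got: %s)\n' \
      "$image" "$tag" "$digest" >&2
    return 1
  fi

  get_image_configuration "$image" "$token" "$digest"
}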
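# Retrieves the image configuration blob identified by a digest from
# Docker Hub and prints its `.container_config` field.
#
# Arguments: $1 - image (repository) name
#            $2 - bearer token
#            $3 - digest of the configuration blob
# Outputs:   the container configuration (JSON) on stdout; a progress
#            message on stderr
get_image_configuration() {
  local image=$1
  local token=$2
  local digest=$3

  # The token is a credential: it is deliberately not written to the
  # progress message, which typically ends up in terminal scrollback or
  # CI logs.
  printf 'Retrieving Image Configuration.\nIMAGE: %s\nTOKEN: [redacted]\nDIGEST: %s\n\n' \
    "$image" "$digest" >&2

  # --location follows the redirect the registry may answer a blob
  # request with.
  # NOTE(review): older curl releases forward a custom Authorization
  # header to the redirect target as well; current releases drop it when
  # the redirect leaves the original host - confirm the curl in use.
  # --fail/--show-error: report HTTP errors instead of piping an error
  # document into jq.
  curl \
    --silent \
    --show-error \
    --fail \
    --location \
    --header "Authorization: Bearer ${token}" \
    "https://registry-1.docker.io/v2/${image}/blobs/${digest}" |
    jq -r '.container_config'
}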
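# Requests a token with pull scope for <image> from the Docker Hub
# authentication service.
#
# Arguments: $1 - image (repository) name, e.g. library/nginx
# Outputs:   the `.token` field of the response on stdout (jq prints
#            `null` when it is absent); a progress message on stderr
get_token() {
  local image=$1

  printf 'Retrieving Docker Hub token.\nIMAGE: %s\n\n' "$image" >&2

  # --fail/--show-error: report an HTTP error instead of silently piping
  # an error document into jq, which would turn it into the token `null`.
  curl \
    --silent \
    --show-error \
    --fail \
    "https://auth.docker.io/token?scope=repository:${image}:pull&service=registry.docker.io" |
    jq -r '.token'
}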
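# Retrieves the digest of the image configuration blob that the manifest
# of <image>:<tag> points to (the manifest's `.config.digest` field),
# sending the bearer token in the Authorization header of the request.
#
# Arguments: $1 - image (repository) name
#            $2 - tag
#            $3 - bearer token
# Outputs:   the digest on stdout (jq prints `null` when the field is
#            absent); a progress message on stderr
get_digest() {
  local image=$1
  local tag=$2
  local token=$3

  # The token is a credential: it is deliberately not written to the
  # progress message, which typically ends up in terminal scrollback or
  # CI logs.
  printf 'Retrieving image digest.\nIMAGE: %s\nTAG: %s\nTOKEN: [redacted]\n\n' \
    "$image" "$tag" >&2

  # NOTE(review): the token is still passed on curl's command line, so it
  # is visible in the local process list while the request runs.
  # --fail/--show-error: report HTTP errors instead of piping an error
  # document into jq.
  curl \
    --silent \
    --show-error \
    --fail \
    --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
    --header "Authorization: Bearer ${token}" \
    "https://registry-1.docker.io/v2/${image}/manifests/${tag}" |
    jq -r '.config.digest'
}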
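# Verifies that exactly two arguments (<image> and <tag>) were supplied.
#
# Arguments: the script's own arguments ("$@")
# Outputs:   a usage message on stderr when the count is wrong
# Exits:     with status 1 when the count is wrong
check_args() {
  if (($# != 2)); then
    # Diagnostics go to stderr so they cannot be mistaken for the JSON
    # this script prints on stdout.
    printf 'Error:\nTwo arguments must be provided - %d provided.\nUsage:\n./get-image-config.sh <image> <tag>\nAborting.\n' \
      "$#" >&2
    exit 1
  fi
}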
# Run the script: hand the command-line arguments to main unchanged.
main "$@"