How to determine the specific version of a Docker image built from a latest/stable tag?

Question

I have a Docker image that was created roughly a year ago. The Dockerfile contains:

FROM docker:stable

How can I determine the actual version of the docker image that stable was referring to back when the image was built?

Edit: What I want to do, in a nutshell, is replace FROM docker:stable with FROM docker:X.Y.Z where X.Y.Z is the version tag that "stable" was pointing to a year ago when the image was originally built.

Answer 1

As suggested by this answer

docker inspect --format='{{index .RepoDigests 0}}' $IMAGE

This will give you the sha256 hash of the image.

Then you can use a service like MicroBadger to get more info about that specific build.

---

If you want to recreate the Dockerfile you can use docker history to examine the layer history:

$ docker history docker

IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
3e23a5875458        8 days ago          /bin/sh -c #(nop) ENV LC_ALL=C.UTF-8            0 B
8578938dd170        8 days ago          /bin/sh -c dpkg-reconfigure locales &&    loc   1.245 MB
be51b77efb42        8 days ago          /bin/sh -c apt-get update && apt-get install    338.3 MB
4b137612be55        6 weeks ago         /bin/sh -c #(nop) ADD jessie.tar.xz in /        121 MB
750d58736b4b        6 weeks ago         /bin/sh -c #(nop) MAINTAINER Tianon Gravi <ad   0 B
511136ea3c5a        9 months ago                                                        0 B    

Keep in mind that if the image has been manually tampered with, I don't know how reliable this output would be.

---

Finally if you want to go full hacker mode, this old thread on the Docker community forums has some info.

I'm not sure how you can get the tag, because I don't believe this is stored in the image itself, but in the repository. So you'd have to query the repository itself, or get a full list of image history and go detective on it.