43

In Docker Hub images there are lists of commands that being run for each image layer. Here is a golang example.

Some applications also provide their Dockerfile in GitHub. Here is a golang example.

According to the Docker Hub image layer, ADD file:4b03b5f551e3fbdf47ec609712007327828f7530cc3455c43bbcdcaf449a75a9 in / is the first command. The image layer doesn't have any "FROM" command included, and it doesn't seem to be suffice the ADD definition too.

So here are the questions:

  1. What does ADD file:<HASH> in / means? What is this format?
  2. Is there any way I could trace upwards using the hash? I suppose that hash represents the FROM image, but it seems there are no API for that.
  3. Why it is not possible to build a dockerfile using the ADD file:<HASH> in / syntax? Is there any way I could build an image using such syntax, OR do a conversion between two format?
John Kugelman
  • 349,597
  • 67
  • 533
  • 578
Ben Chan
  • 615
  • 8
  • 11
  • 1
    See related https://stackoverflow.com/questions/68102407/ where I specifically ask what the hash after `ADD file:` is actually a hash of. I believe it warrants a separate question because it is a very specific detail, related to Q `1.` above though not explicitly stated in it. – sparrowt Jun 23 '21 at 15:15

2 Answers2

32

That Docker Hub history view doesn't show the actual Dockerfile; instead, it shows content essentially extracted from the docker history of the image. That doesn't preserve the specific details you're looking for: it doesn't remember the names of base images, or the build-context file names of things that get ADDed or COPYed in.

Chasing through GitHub and Docker Hub links, the golang:*-buster Dockerfile is built FROM buildpack-deps:...-scm; buildpack-deps:buster-scm is FROM buildpack-deps:buster-curl; that is FROM debian:buster; and that has a very simple Dockerfile (quoted here in its entirety):

FROM scratch
ADD rootfs.tar.xz /
CMD ["bash"]

FROM scratch starts from a completely totally empty image; that is the base of the Docker image tree (and what tells docker history and similar tools to stop). The ADD line unpacks a tar file of a Debian system image.

If you look at docker history or the Docker Hub history view you cite, you should be able to see these same steps happening. The ADD file:4b0... in / corresponds to the ADD rootfs.tar.gz /, and the second line is the CMD ["bash"]. It is not split up by Dockerfile or image, and the original filenames from ADD aren't saved. (You couldn't reproduce the image anyways without the contents of the rootfs.tar.gz, so it's merely slightly helpful to know its filename but not essential.)

The ADD file:hash in /path syntax is not standard Dockerfile syntax (the word in in particular is not part of it). I'm not sure there's a reliable way to translate from the host file or URL to the hash, but building the image and looking at its docker history would tell you (assuming you've got a perfect match for the file metadata). There's no way to get back to the original filename or syntax, and definitely no way to get back to the file contents.

David Maze
  • 130,717
  • 29
  • 175
  • 215
  • Check this out, It might helpful...https://docs.docker.com/storage/storagedriver/select-storage-driver/ – Ibrahim Kasim Dec 27 '20 at 07:05
  • https://www.freecodecamp.org/news/where-are-docker-images-stored-docker-container-paths-explained/ – Ibrahim Kasim Dec 27 '20 at 07:15
  • Let me just vent here that this is nuts. How hard would it have been to include the textual Dockerfile line in the layer? Or the whole Dockerfile? Who cares about a few kilobytes of redundant storage. Docker was (among other things) a technology for reproducible build and runtime experiences. I'm already chasing Dockerfiles from images no older than two years. – Hannes Jun 08 '23 at 00:08
2

  1. ADD or COPY means that files are append to the images.

  2. That are files, you cannot "trace" them.

  3. You cannot just copy the commands, because the hashes are not the original files. See https://forums.docker.com/t/how-to-extract-file-from-image/96987 to get the file.

akop
  • 5,981
  • 6
  • 24
  • 51