5

If I run docker history --no-trunc IMAGE on an image which was built from a Dockerfile like:

FROM scratch
ADD something.tar.xz /
...

I see the following under the CREATED BY column in the last line of the docker history output:

/bin/sh -c #(nop) ADD file:fb0755f94145d1e0a46167faf3b43dba3db9383f4c230217a500a65e01307e27 in /

The part after file: looks like a SHA256 hash of something but it doesn't match the SHA256 of...

  • the file referenced in the Dockerfile (something.tar.xz)
  • the name of that file or its full path at build time
  • the layer digest or any other which I see in the output from any Docker ls/inspect/etc.

So my question is, purely out of interest, what is this the hash of?

Related questions

This question is related but based on the misunderstanding that the ADD file:... is actually in the Dockerfile.

This question kind of implicitly asks my question but the closest to an answer is:

I'm not sure there's a reliable way to translate from the host file or URL to the hash

So I want to explicitly ask the question of what the hash actually refers to, even though I fully understand that I cannot magically reconstitute any information from it about the original file which was ADDed.

sparrowt
  • 2,641
  • 25
  • 24
  • I'm wondering the same thing. I wonder if this is permissions-related. My guess is that the tarball gets exploded on disk and then _that's_ hashed (as a layer) and what makes it into the history. See https://github.com/moby/moby/issues/32816, but I can't immediately think about how to reproduce it. – bureado Sep 01 '21 at 03:19
  • Potentially relevant: https://github.com/moby/moby/blob/master/pkg/tarsum/tarsum.go -> https://github.com/moby/moby/blob/7b9275c0da707b030e62c96b679a976f31f929d3/pkg/tarsum/tarsum_spec.md – bureado Sep 01 '21 at 03:22

0 Answers0