# Image Manifest Version 2, Schema 1

This document outlines the format of the V2 image manifest. Image manifests
describe the various constituents of a docker image. Image manifests can be
serialized to JSON format with the following media types:

Manifest Type | Media Type
------------- | -------------
manifest | "application/vnd.docker.distribution.manifest.v1+json"
signed manifest | "application/vnd.docker.distribution.manifest.v1+prettyjws"

*Note that "application/json" will also be accepted for schema 1.*

References:

 - [Proposal: JSON Registry API V2.1](https://github.com/docker/docker/issues/9015)
 - [Proposal: Provenance step 1 - Transform images for validation and verification](https://github.com/docker/docker/issues/8093)

## *Manifest* Field Descriptions

Manifest provides the base accessible fields for working with V2 image format
in the registry.

- **`name`** *string*

    name is the name of the image's repository

- **`tag`** *string*

    tag is the tag of the image

- **`architecture`** *string*

    architecture is the host architecture on which this image is intended to
    run. This is for information purposes and not currently used by the engine

- **`fsLayers`** *array*

    fsLayers is a list of filesystem layer blob sums contained in this image.

    An fsLayer is a struct consisting of the following fields
      - **`blobSum`** *digest.Digest*

        blobSum is the digest of the referenced filesystem image layer. A
        digest can be a tarsum or sha256 hash.


- **`history`** *array*

    history is a list of unstructured historical data for v1 compatibility.

    history is a struct consisting of the following fields
    - **`v1Compatibility`** *string*

        V1Compatibility is the raw V1 compatibility information. This will
        contain the JSON object describing the V1 of this image.

- **`schemaVersion`** *int*

    SchemaVersion is the image manifest schema that this image follows.

## Signed Manifests

Signed manifests provide an envelope for a signed image manifest. A signed
manifest consists of an image manifest along with an additional field
containing the signature of the manifest.

The docker client can verify signed manifests and displays a message to the user.

### Signing Manifests

Image manifests can be signed in two different ways: with a *libtrust* private
key or an x509 certificate chain. When signing with an x509 certificate chain,
the public key of the first element in the chain must be the public key
corresponding to the signing key.

### Signed Manifest Field Description

Signed manifests include an image manifest and a list of signatures generated
by *libtrust*. A signature consists of the following fields:


- **`header`** *[JOSE](http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2)*

    A [JSON Web Signature](http://self-issued.info/docs/draft-ietf-jose-json-web-signature.html)

- **`signature`** *string*

    A signature for the image manifest, signed by a *libtrust* private key

- **`protected`** *string*

    The signed protected header

## Example Manifest

*Example showing the official 'hello-world' image manifest.*

```
{
   "name": "hello-world",
   "tag": "latest",
   "architecture": "amd64",
   "fsLayers": [
      {
         "blobSum": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
      },
      {
         "blobSum": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
      },
      {
         "blobSum": "sha256:cc8567d70002e957612902a8e985ea129d831ebe04057d88fb644857caa45d11"
      },
      {
         "blobSum": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef"
      }
   ],
   "history": [
      {
         "v1Compatibility": "{\"id\":\"e45a5af57b00862e5ef5782a9925979a02ba2b12dff832fd0991335f4a11e5c5\",\"parent\":\"31cbccb51277105ba3ae35ce33c22b69c9e3f1002e76e4c736a2e8ebff9d7b5d\",\"created\":\"2014-12-31T22:57:59.178729048Z\",\"container\":\"27b45f8fb11795b52e9605b686159729b0d9ca92f76d40fb4f05a62e19c46b4f\",\"container_config\":{\"Hostname\":\"8ce6509d66e2\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) CMD [/hello]\"],\"Image\":\"31cbccb51277105ba3ae35ce33c22b69c9e3f1002e76e4c736a2e8ebff9d7b5d\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"SecurityOpt\":null,\"Labels\":null},\"docker_version\":\"1.4.1\",\"config\":{\"Hostname\":\"8ce6509d66e2\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/hello\"],\"Image\":\"31cbccb51277105ba3ae35ce33c22b69c9e3f1002e76e4c736a2e8ebff9d7b5d\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"SecurityOpt\":null,\"Labels\":null},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"
      },
      {
         "v1Compatibility": "{\"id\":\"e45a5af57b00862e5ef5782a9925979a02ba2b12dff832fd0991335f4a11e5c5\",\"parent\":\"31cbccb51277105ba3ae35ce33c22b69c9e3f1002e76e4c736a2e8ebff9d7b5d\",\"created\":\"2014-12-31T22:57:59.178729048Z\",\"container\":\"27b45f8fb11795b52e9605b686159729b0d9ca92f76d40fb4f05a62e19c46b4f\",\"container_config\":{\"Hostname\":\"8ce6509d66e2\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/bin/sh\",\"-c\",\"#(nop) CMD [/hello]\"],\"Image\":\"31cbccb51277105ba3ae35ce33c22b69c9e3f1002e76e4c736a2e8ebff9d7b5d\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"SecurityOpt\":null,\"Labels\":null},\"docker_version\":\"1.4.1\",\"config\":{\"Hostname\":\"8ce6509d66e2\",\"Domainname\":\"\",\"User\":\"\",\"Memory\":0,\"MemorySwap\":0,\"CpuShares\":0,\"Cpuset\":\"\",\"AttachStdin\":false,\"AttachStdout\":false,\"AttachStderr\":false,\"PortSpecs\":null,\"ExposedPorts\":null,\"Tty\":false,\"OpenStdin\":false,\"StdinOnce\":false,\"Env\":[\"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"],\"Cmd\":[\"/hello\"],\"Image\":\"31cbccb51277105ba3ae35ce33c22b69c9e3f1002e76e4c736a2e8ebff9d7b5d\",\"Volumes\":null,\"WorkingDir\":\"\",\"Entrypoint\":null,\"NetworkDisabled\":false,\"MacAddress\":\"\",\"OnBuild\":[],\"SecurityOpt\":null,\"Labels\":null},\"architecture\":\"amd64\",\"os\":\"linux\",\"Size\":0}\n"
      }
   ],
   "schemaVersion": 1,
   "signatures": [
      {
         "header": {
            "jwk": {
               "crv": "P-256",
               "kid": "OD6I:6DRK:JXEJ:KBM4:255X:NSAA:MUSF:E4VM:ZI6W:CUN2:L4Z6:LSF4",
               "kty": "EC",
               "x": "3gAwX48IQ5oaYQAYSxor6rYYc_6yjuLCjtQ9LUakg4A",
               "y": "t72ge6kIA1XOjqjVoEOiPPAURltJFBMGDSQvEGVB010"
            },
            "alg": "ES256"
         },
         "signature": "XREm0L8WNn27Ga_iE_vRnTxVMhhYY0Zst_FfkKopg6gWSoTOZTuW4rK0fg_IqnKkEKlbD83tD46LKEGi5aIVFg",
         "protected": "eyJmb3JtYXRMZW5ndGgiOjY2MjgsImZvcm1hdFRhaWwiOiJDbjAiLCJ0aW1lIjoiMjAxNS0wNC0wOFQxODo1Mjo1OVoifQ"
      }
   ]
}

```
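
Added example, not part of the original spec or of the distribution/libtrust code: the `protected` value in the example manifest above base64url-decodes to a JSON header carrying `formatLength` and `formatTail`. Assuming libtrust's pretty-JWS convention that these two fields delimit the signed bytes, the Go sketch below recovers the payload a signature covers and the JWS signing input a verifier would hash. `SigningInput` and `sample` are hypothetical names, and the sample document is constructed with a placeholder signature value.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

var b64 = base64.RawURLEncoding

// SigningInput returns the payload covered by signatures[i] of a prettyjws
// document and the JWS signing input: protected + "." + base64url(payload).
func SigningInput(raw []byte, i int) ([]byte, string, error) {
	var doc struct{ Signatures []struct{ Protected string } }
	if err := json.Unmarshal(raw, &doc); err != nil || i < 0 || i >= len(doc.Signatures) {
		return nil, "", errors.New("document has no signatures[i]")
	}
	var p struct{ FormatLength int; FormatTail string }
	prot := doc.Signatures[i].Protected
	hdr, err := b64.DecodeString(prot)
	if err != nil || json.Unmarshal(hdr, &p) != nil {
		return nil, "", errors.New("protected header is not base64url JSON")
	}
	tail, err := b64.DecodeString(p.FormatTail)
	if err != nil || p.FormatLength <= 0 || p.FormatLength > len(raw) {
		return nil, "", errors.New("formatLength/formatTail do not fit this document")
	}
	// Signed bytes = document prefix + tail, so the "signatures" member is excluded.
	payload := append(append([]byte{}, raw[:p.FormatLength]...), tail...)
	if !json.Valid(payload) {
		return nil, "", errors.New("reconstructed payload is not valid JSON")
	}
	return payload, prot + "." + b64.EncodeToString(payload), nil
}

// sample wraps payload (which must end in "\n}") in a constructed prettyjws
// envelope; the signature value is a placeholder, not a real signature.
func sample(payload string) []byte {
	n := len(payload) - 2
	prot := b64.EncodeToString([]byte(fmt.Sprintf(`{"formatLength":%d,"formatTail":"Cn0"}`, n)))
	return []byte(payload[:n] + `,"signatures":[{"protected":"` + prot + `","signature":"PLACEHOLDER"}]` + "\n}")
}

func main() {
	payload, input, err := SigningInput(sample("{\"name\":\"hello-world\",\"schemaVersion\":1\n}"), 0)
	fmt.Printf("%s\n%s\n%v\n", payload, input, err)
}
```

Because the `jwk` that checks the signature travels inside the same `header`, a successful check over this signing input shows only that the payload matches that key; whether the key is trusted has to be decided separately.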