A Docker image is a directory hierarchy containing the initial contents of a running container. It is represented by a manifest file which lists its layers, and each layer is a gzipped tarfile (.tgz files). Layers are stored as blobs named by digests of their contents.
As a sanity check, we might want to view the contents of an image that we’ve pushed to DockerHub. Following these instructions, here’s a script that fetches an image using the DockerHub Registry API. It requires jq.
#!/bin/sh# the image that we want to download
export IMAGE="timburks/tiny"# first we need to get an auth token with the access
# permissions that we need
export AUTHURL="https://auth.docker.io/token?scope=repository:$IMAGE:pull&service=registry.docker.io"
export TOKEN=`curl --silent $AUTHURL | jq -r '.token'`# next we fetch the manifest and extract the layer digests
export DIGESTS=`curl \
--silent \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Authorization: Bearer $TOKEN" \
"https://registry-1.docker.io/v2/$IMAGE/manifests/latest" \
| jq -r '.layers[].digest'`# each digest is the name of a blob containing an image layer
echo $DIGESTS# we'll put the layers of the image in a directory named 'layers'
# watch out for name collisions!
rm -rf layers
mkdir layers
LAYER=0
for DIGEST in $DIGESTS ; do
echo $DIGEST
curl --silent --location \
--header "Authorization: Bearer $TOKEN" \
https://registry-1.docker.io/v2/$IMAGE/blobs/$DIGEST \
-o layers/layer-$LAYER.tgz
LAYER=$((LAYER+1))
done# now you can look inside or unpack each image with tar.
