如何使用 HTTP API v2 获取清单?
How to get manifests using HTTP API v2?
How to authenticate with the V2 API 有用且有效。
REPO="https://hub.docker.com/v2"
我能够获得代币、列出(我的)存储库并列出它们的图像和标签。
curl --silent \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/repositories/${USERNAME}/
curl --silent \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/repositories/${USERNAME}/${IMAGE}/tags/
我想 'GET MANIFEST' 但我正在努力让它发挥作用:
https://docs.docker.com/registry/spec/api/#manifest:
curl --silent \
--header "Host: hub.docker.com" \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/repositories/${USERNAME}/${IMAGE}/manifests/
curl --silent \
--header "Host: hub.docker.com" \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/${USERNAME}/${IMAGE}/manifests/
curl --silent \
--header "Host: hub.docker.com" \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/${USERNAME}/${IMAGE}/manifests/${TAG}
我试过使用|不使用 Host header。具有各种数值的Hostheader。但是,我显然遗漏了一些东西。我尝试了 pattern-matching 对工作端点但没有喜悦:
curl --silent \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/repositories/${USERNAME}/${IMAGE}/manifests/
奇怪的是,此页面将 "GET TAGS" 似乎错误地显示为 /v2/<name>/tags/list:
https://docs.docker.com/registry/spec/api/#tags
评论:
Follow-up
我是 Googler 并且可以访问 Google Container Registry (GCR)。
REPO="https://gcr.io/v2/"
一时兴起,我刚刚尝试 'GET MANIFEST' 针对 GCR,请求有效:
curl --silent \
--request GET \
--user _token:$(gcloud auth print-access-token) \
${REPO}/${PROJECT}/${IMAGE}/manifests/${TAG}
它与所有 *.docker.com|io 子域相当混乱!
我发现 registry.hub.docker.com 和 index.docker.io 是最可靠的。
您可以从那里轻松查询标签,但对于清单,您需要先获取一个令牌才能提取:
REGISTRY=https://index.docker.io/v2
#REGISTRY="https://registry.hub.docker.com/v2"
#REGISTRY="https://registry.docker.io/v2"
#REGISTRY="https://registry-1.docker.io/v2"
#REGISTRY="https://hub.docker.com/v2"
REPO=library
IMAGE=debian
# Could also be a repo digest
TAG=latest
# Query tags
curl "$REGISTRY/repositories/$REPO/$IMAGE/tags/"
# Query manifest
curl -iL "$REGISTRY/$REPO/$IMAGE/manifests/$TAG"
# HTTP/1.1 401 Unauthorized
# Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/debian:pull"
TOKEN=$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$REPO/$IMAGE:pull" \
| jq --raw-output .token)
curl -LH "Authorization: Bearer ${TOKEN}" "$REGISTRY/$REPO/$IMAGE/manifests/$TAG"
# Some repos seem to return V1 Schemas by default
REPO=nginxinc
IMAGE=nginx-unprivileged
TAG=1.17.2
curl -LH "Authorization: Bearer $(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$REPO/$IMAGE:pull" | jq --raw-output .token)" \
"$REGISTRY/$REPO/$IMAGE/manifests/$TAG"
# Solution: Set the Accept Header for V2
curl -LH "Authorization: Bearer $(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$REPO/$IMAGE:pull" | jq --raw-output .token)" \
-H "Accept:application/vnd.docker.distribution.manifest.v2+json" \
"$REGISTRY/$REPO/$IMAGE/manifests/$TAG"
见
- this gist 再举个例子
- 这个 repo 用于可重复使用的脚本 docker-image-size-curl.sh
hub.docker.com works differently 的授权,您似乎无法从那里获得清单
How to authenticate with the V2 API 有用且有效。
REPO="https://hub.docker.com/v2"
我能够获得代币、列出(我的)存储库并列出它们的图像和标签。
curl --silent \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/repositories/${USERNAME}/
curl --silent \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/repositories/${USERNAME}/${IMAGE}/tags/
我想 'GET MANIFEST' 但我正在努力让它发挥作用: https://docs.docker.com/registry/spec/api/#manifest:
curl --silent \
--header "Host: hub.docker.com" \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/repositories/${USERNAME}/${IMAGE}/manifests/
curl --silent \
--header "Host: hub.docker.com" \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/${USERNAME}/${IMAGE}/manifests/
curl --silent \
--header "Host: hub.docker.com" \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/${USERNAME}/${IMAGE}/manifests/${TAG}
我试过使用|不使用 Host header。具有各种数值的Hostheader。但是,我显然遗漏了一些东西。我尝试了 pattern-matching 对工作端点但没有喜悦:
curl --silent \
--header "Authorization: JWT ${TOKEN}" \
${REPO}/repositories/${USERNAME}/${IMAGE}/manifests/
奇怪的是,此页面将 "GET TAGS" 似乎错误地显示为 /v2/<name>/tags/list:
https://docs.docker.com/registry/spec/api/#tags
评论:
Follow-up
我是 Googler 并且可以访问 Google Container Registry (GCR)。
REPO="https://gcr.io/v2/"
一时兴起,我刚刚尝试 'GET MANIFEST' 针对 GCR,请求有效:
curl --silent \
--request GET \
--user _token:$(gcloud auth print-access-token) \
${REPO}/${PROJECT}/${IMAGE}/manifests/${TAG}
它与所有 *.docker.com|io 子域相当混乱!
我发现 registry.hub.docker.com 和 index.docker.io 是最可靠的。
您可以从那里轻松查询标签,但对于清单,您需要先获取一个令牌才能提取:
REGISTRY=https://index.docker.io/v2
#REGISTRY="https://registry.hub.docker.com/v2"
#REGISTRY="https://registry.docker.io/v2"
#REGISTRY="https://registry-1.docker.io/v2"
#REGISTRY="https://hub.docker.com/v2"
REPO=library
IMAGE=debian
# Could also be a repo digest
TAG=latest
# Query tags
curl "$REGISTRY/repositories/$REPO/$IMAGE/tags/"
# Query manifest
curl -iL "$REGISTRY/$REPO/$IMAGE/manifests/$TAG"
# HTTP/1.1 401 Unauthorized
# Www-Authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io",scope="repository:library/debian:pull"
TOKEN=$(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$REPO/$IMAGE:pull" \
| jq --raw-output .token)
curl -LH "Authorization: Bearer ${TOKEN}" "$REGISTRY/$REPO/$IMAGE/manifests/$TAG"
# Some repos seem to return V1 Schemas by default
REPO=nginxinc
IMAGE=nginx-unprivileged
TAG=1.17.2
curl -LH "Authorization: Bearer $(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$REPO/$IMAGE:pull" | jq --raw-output .token)" \
"$REGISTRY/$REPO/$IMAGE/manifests/$TAG"
# Solution: Set the Accept Header for V2
curl -LH "Authorization: Bearer $(curl -sSL "https://auth.docker.io/token?service=registry.docker.io&scope=repository:$REPO/$IMAGE:pull" | jq --raw-output .token)" \
-H "Accept:application/vnd.docker.distribution.manifest.v2+json" \
"$REGISTRY/$REPO/$IMAGE/manifests/$TAG"
见
- this gist 再举个例子
- 这个 repo 用于可重复使用的脚本 docker-image-size-curl.sh
hub.docker.com works differently 的授权,您似乎无法从那里获得清单