首页 > 其他分享 >containerd 镜像层分析

containerd 镜像层分析

时间:2024-02-04 23:33:09浏览次数:37  
标签:分析 vnd containerd application 镜像 docker sha256 digest size

meta.db找到 d842e8e2623636b8fb0d070a2dd9592c1eb0ebfa975c6a283960bc1f710feab4

mediatype: application/vnd.docker.distribution.manifest.v2+json 多种类型 application/vnd.docker.distribution.manifest.list.v2+json

======================================================================================================|======================================================================================================
- v1 | Path: v1 → default → images → docker.io/library/nginx:1.21 → target → mediatype
- default | Key: mediatype
+ content | Value: application/vnd.docker.distribution.manifest.list.v2+json
- images |
+ docker.io/library/centos:latest |
- docker.io/library/nginx:1.21 |
- target |
digest: sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514 |
mediatype: application/vnd.docker.distribution.manifest.list.v2+json |
size: 8c1d |
createdat: 010000000edd4ecdbf1dd31b12ffff |
updatedat: 010000000edd4ecdbf1dd31b12ffff |
- docker.io/library/nginx:latest |
+ target |
createdat: 010000000edd51675606c9fbf3ffff |
updatedat: 010000000edd51675606c9fbf3ffff |
- localhost/test:1 |
- annotations |
io.containerd.image.name: localhost/test:1 |
org.opencontainers.image.ref.name: 1 |
- target |
digest: sha256:d842e8e2623636b8fb0d070a2dd9592c1eb0ebfa975c6a283960bc1f710feab4 |
mediatype: application/vnd.docker.distribution.manifest.v2+json |
size: b621 |
createdat: 010000000edd51691d2355a336ffff |
updatedat: 010000000edd51691d2355a336ffff |
+ leases |
+ snapshots |
version: 06


[root@node1 containerd]# cat ./io.containerd.content.v1.content/blobs/sha256/d842e8e2623636b8fb0d070a2dd9592c1eb0ebfa975c6a283960bc1f710feab4 |jq
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"digest": "sha256:95ec8d45232146497bcec477f8ede64ac2efc6d92d2fa55965341cd467c08af6",
"size": 2813
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:2e112031b4b923a873c8b3d685d48037e4d5ccd967b658743d93a6e56c3064b9",
"size": 4492288
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:d6a8454dcdfaf1e5e34f56ea4bca513c2a828c90a1b62500943b65a61234bd34",
"size": 6144
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:2d691d912a485454b4f70342817a0f8b674f82004360f1b0fc91de5f2e126b4f",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:71ff98296e6021ca76916abc6584bb41d8fa1ea532b1e449b9af3433307f3455",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:19533e306c03e7362627ad45ad5c82166f778630bbe697aaaf57f75c300248d0",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:44ef656eed064e13cd6396b31cc317183e89477cbbf66e8dd89ab6e7a2087ebb",
"size": 2560
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:800dc69e2834bf155d9e6cd89394815c8abfb0da1d69a4cae0dfd400f7e186aa",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:1b4b8ac06dc92ee6c30a06eac061d082763a9a1f4085cc7dda4e31fb59272ab4",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:b7e89ea5b915cb9f99d728b803769a68d40bf351134c1944fd558119b6b5e30f",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:825721ce82da3b0e231ac621fa138c738920c364c5c47050073d09197d516dd6",
"size": 3072
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar",
"digest": "sha256:36cd99a16b1074ac9470cb9f65978148b7a244447d885941dd8f34c0decf9e5e",
"size": 3072
}
]
}


cat ./io.containerd.content.v1.content/blobs/sha256/95ec8d45232146497bcec477f8ede64ac2efc6d92d2fa55965341cd467c08af6|jq


"diff_ids": [
"sha256:2e112031b4b923a873c8b3d685d48037e4d5ccd967b658743d93a6e56c3064b9",
"sha256:d6a8454dcdfaf1e5e34f56ea4bca513c2a828c90a1b62500943b65a61234bd34",
"sha256:2d691d912a485454b4f70342817a0f8b674f82004360f1b0fc91de5f2e126b4f",
"sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c",
"sha256:71ff98296e6021ca76916abc6584bb41d8fa1ea532b1e449b9af3433307f3455",
"sha256:19533e306c03e7362627ad45ad5c82166f778630bbe697aaaf57f75c300248d0",
"sha256:44ef656eed064e13cd6396b31cc317183e89477cbbf66e8dd89ab6e7a2087ebb",
"sha256:800dc69e2834bf155d9e6cd89394815c8abfb0da1d69a4cae0dfd400f7e186aa",
"sha256:1b4b8ac06dc92ee6c30a06eac061d082763a9a1f4085cc7dda4e31fb59272ab4",
"sha256:b7e89ea5b915cb9f99d728b803769a68d40bf351134c1944fd558119b6b5e30f",
"sha256:825721ce82da3b0e231ac621fa138c738920c364c5c47050073d09197d516dd6",
"sha256:36cd99a16b1074ac9470cb9f65978148b7a244447d885941dd8f34c0decf9e5e"
]
},

也可以通过调用nerdctl inspect images 获取 diff_ids


chainID(n)=sha256sum(chainID(n-1)) diffID(n))
chainid(1) = diffID(1)) =2e112031b4b923a873c8b3d685d48037e4d5ccd967b658743d93a6e56c3064b9
chainid(2) = echo -n 'sha256:2e112031b4b923a873c8b3d685d48037e4d5ccd967b658743d93a6e56c3064b9 sha256:d6a8454dcdfaf1e5e34f56ea4bca513c2a828c90a1b62500943b65a61234bd34' | sha256sum
=ccc99401c98a738d382a2567ff1467b598193b74c449232b6544c78661d0d534
chainid(3) = echo -n 'sha256:ccc99401c98a738d382a2567ff1467b598193b74c449232b6544c78661d0d534 sha256:2d691d912a485454b4f70342817a0f8b674f82004360f1b0fc91de5f2e126b4f' | sha256sum
=03fe3a03b16acdb2f08e7d09327cbe283ad432d3286ea8c88554a53c5f628cff
chainid(4) = echo -n 'sha256:03fe3a03b16acdb2f08e7d09327cbe283ad432d3286ea8c88554a53c5f628cff sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c' | sha256sum
=b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645

以chainID4 为例

meta2.db snaphots内容根据 b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645 找到 default/36/sha256:b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645
- sha256:b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645 |
- children |
sha256:e043fcb0d70e2f3022d0a74d2eff241931d3237a1bcea70feeb42c69056bb85e: |
createdat: 010000000edd51691d37925d86ffff |
name: default/36/sha256:b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645 |
parent: sha256:03fe3a03b16acdb2f08e7d09327cbe283ad432d3286ea8c88554a53c5f628cff |
updatedat: 010000000edd51691d37925d86ffff

 

metadata2.db里找到default/36/sha256:b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645

snaphots 发现id是12
- default/36/sha256:b33389bff1996dd113f5dbdec553b4b9cd0333363fcba675571667ff82736645 |
createdat: 010000000edd51691d379442adffff |
id: 12 |
inodes: 08 |
kind: 03 |
parent: default/34/sha256:03fe3a03b16acdb2f08e7d09327cbe283ad432d3286ea8c88554a53c5f628cff |
size: 8040 |
updatedat: 010000000edd51691d379442adffff

计算结果是18
package main

import (
"encoding/binary"
"fmt"
)

func main() {
data := []byte{0x12}
x, n := binary.Uvarint(data)
if n != len(data) {
fmt.Println("Uvarint did not consume all of in")
}
fmt.Println(x)
}
因此解压后是 /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots/18/fs


diffid 在meta.db blob中不一定能直接找到
需要遍历
containerd.io/uncompressed: sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5(少了一些位数)
752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c

meta.db blob 内容 找到752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c 即是解压前的原始数据

=
- v1 | Path: v1 → default → content → blob → sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114
- default | Key: containerd.io/uncompressed
- content | Value: sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c
- blob |
+ sha256:0e901e68141fd02f237cf63eb842529f8a9500636a9419e3cf4fb986b8fe3d5d |
+ sha256:19533e306c03e7362627ad45ad5c82166f778630bbe697aaaf57f75c300248d0 |
+ sha256:1b4b8ac06dc92ee6c30a06eac061d082763a9a1f4085cc7dda4e31fb59272ab4 |
+ sha256:1ef1c1a36ec24a6e2e803471dd61fd79a5a28666c553c4cccc26f2225d48b307 |
+ sha256:25dedae0aceb6b4fe5837a0acbacc6580453717f126a095aa05a3c6fcea14dd4 |
+ sha256:2bcabc23b45489fb0885d69a06ba1d648aeda973fae7bb981bafbb884165e514 |
+ sha256:2d691d912a485454b4f70342817a0f8b674f82004360f1b0fc91de5f2e126b4f |
+ sha256:2e112031b4b923a873c8b3d685d48037e4d5ccd967b658743d93a6e56c3064b9 |
+ sha256:36cd99a16b1074ac9470cb9f65978148b7a244447d885941dd8f34c0decf9e5e |
+ sha256:398157bc5c51a9e2e4ceb552c196bee781b157c9ef4760f76ed3ddd34164fe71 |
+ sha256:42c077c10790d51b6f75c4eb895cbd4da37558f7215b39cbf64c46b288f89bda |
+ sha256:44ef656eed064e13cd6396b31cc317183e89477cbbf66e8dd89ab6e7a2087ebb |
+ sha256:5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6 |
+ sha256:5f44022eab9198d75939d9eaa5341bc077eca16fa51d4ef32d33f1bd4c8cbe7d |
+ sha256:62c70f376f6a97b1b1f970100583b01740ee4d0f1305226880d7f1624e425b9b |
+ sha256:71ff98296e6021ca76916abc6584bb41d8fa1ea532b1e449b9af3433307f3455 |
- sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c114c9a8c17c (和containerd.io/uncompressed 里面的id 不一定一致) |
- labels |
containerd.io/uncompressed: sha256:752bc698d93269a4d7fd6389df9ac704efdb6f17d4a6d19aaed5c1|
createdat: 010000000edd51691b1c52234bffff |
size: 8030 |
updatedat: 010000000edd51691d390f96abffff

标签:分析,vnd,containerd,application,镜像,docker,sha256,digest,size
From: https://www.cnblogs.com/rincloud/p/18007224

相关文章

  • R语言LASSO特征选择、决策树CART算法和CHAID算法电商网站购物行为预测分析
    全文链接:http://tecdat.cn/?p=32275原文出处:拓端数据部落公众号本文通过分析电子商务平台的用户购物行为,帮助客户构建了一个基于决策树模型的用户购物行为预测分析模型。该模型可以帮助企业预测用户的购物意愿、购物频率及购买金额等重要指标,为企业制定更有针对性的营销策略提供......
  • R语言Kmeans聚类、PAM、DBSCAN、AGNES、FDP、PSO粒子群聚类分析iris数据结果可视化比
    全文链接:http://tecdat.cn/?p=32007原文出处:拓端数据部落公众号本文以iris数据和模拟数据为例,帮助客户了比较R语言Kmeans聚类算法、PAM聚类算法、DBSCAN聚类算法、AGNES聚类算法、FDP聚类算法、PSO粒子群聚类算法在iris数据结果可视化分析中的优缺点。结果:聚类算法的聚类结......
  • js 基于能力检测进行浏览器分析
    虽然可能有人觉得能力检测类似于黑科技,但恰当地使用能力检测可以精准地分析运行代码的浏览器。使用能力检测而非用户代理检测的优点在于,伪造用户代理字符串很简单,而伪造能够欺骗能力检测的浏览器特性却很难。检测特性可以按照能力将浏览器归类。如果你的应用程序需要使用特定的浏......
  • js 浏览器分析
    想要知道自己代码运行在什么浏览器上,大部分开发者会分析window.navigator.userAgent返回的字符串值。所有浏览器都会提供这个值,如果相信这些返回值并基于给定的一组浏览器检测这个字符串,最终会得到关于浏览器和操作系统的比较精确的结果。相比于能力检测,用户代理检测还是有一定......
  • 【可观测性系列】 OpenTelemetry Collector的部署模式分析
    ......
  • docker部署的坑--基于 alpine 制作docker镜像时
    基于alpine制作docker镜像时大家经常爱用alpine镜像 FROMopenjdk:8-jdk-alpine但这个镜像是一个精简版,里面缺不少东西,常见的问题如下:1、alpine操作系统下的软件库(国外)经常崩#国外的软件库崩掉时会出现“ERROR:http://dl-cdn.alpinelinux.org/alpine/v3.16/main:tempo......
  • [经验] 怎么分析这段感情的变化情况
    1、怎么分析这段感情的变化感情是人与人之间最为复杂而又最为重要的纽带之一。无论是亲情、友情还是爱情,都会经历许多的波折和变化。对于感情的变化,我们需要用理性的眼光去解析,找到原因,寻求解决之道。分析感情的变化要从根本原因入手。有些感情破裂的原因是表面的,比如互相之间的误......
  • NVIDIA显卡驱动NVIDIA-Linux-x86_64-545.29.02 安装错误分析之一
    software/NVIDIA-Linux-x86_64-545.29.02/kernel-open/nvidia/libspdm_shash.c:在函数‘lkca_hmac_duplicate’中:/software/NVIDIA-Linux-x86_64-545.29.02/kernel-open/nvidia/libspdm_shash.c:90:26:错误:implicitdeclarationoffunction‘crypto_tfm_ctx_aligned’;didy......
  • Vue 3开发者必看:路由传参的终极分析与实践建议!
    前言在Vue应用中,路由传参是一项常见的需求,它允许我们在不同的页面之间传递数据,实现更加灵活和动态的页面交互。下面我将介绍如何在Vue应用中实现路由传参,包括基本的路由参数传递和更复杂的场景下的传参技巧。router与route区别router是通过VueRouter构造函数new出来得到了的一......
  • kekingcn/file-online-preview服务打包arm架构镜像
    1.gitte地址https://gitee.com/kekingcn/file-online-preview?_from=gitee_search 2.基础镜像打包FROMubuntu:20.04MAINTAINERchenjh"[email protected]"#内置一些常用的中文字体,避免普遍性乱码COPYfonts/*/usr/share/fonts/chinese/RUNapt-getclean&&apt-ge......