Say I'm a software vendor and I want to host images of my software on a Container Registry that I control, but want to prevent distribution of these images by their being uploaded to other public or private Container Registries.
Much like Microsoft (and other vendors) do it; their "base layers" are skipped by default when uploading to a private registry.
de5b52133faf: Pushed
d2425dc4f846: Skipped foreign layer
a7ba3db29ebb: Skipped foreign layer

How does Docker know this? How is it set up, in other words?
1 Answer
If you pull the manifests for these images, you'll see that the urls field is populated for those layers:
$ regctl image manifest --platform windows/amd64 golang
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "config": {
    "mediaType": "application/vnd.docker.container.image.v1+json",
    "size": 7024,
    "digest": "sha256:ba630408bc63a555f6ad4fae6a2f5eab8fcba7cb050ac51b15d2e607f9fe8591"
  },
  "layers": [
    {
      "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
      "size": 1718332879,
      "digest": "sha256:4612f6d0b889cad0ed0292fae3a0b0c8a9e49aff6dea8eb049b2386d9b07986f",
      "urls": [ "" ]
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
      "size": 720933935,
      "digest": "sha256:db4edcf0861ff3fdc41851a5a218965ecb2ab6cf4ec9448fb80cc4b6792fd46c",
      "urls": [ "" ]
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 1362,
      "digest": "sha256:433d24156d44dde3b3c6c0094ba5824a315286ae537c68f272e464fc426510f6"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 1387,
      "digest": "sha256:2a2b02a688b62e8e70705b5d1eeaae912e44e9fb6dd72cfefc104982d61c555f"
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 1329,
      "digest": "sha256:d2bbc05d8cabd13ca38228cb52a2a4c1144c7a230b2c59e2e11b26f1f144f5dd"
    },
    ...

You can see that field in the image-spec descriptor definition. I'm not aware of any public tools to generate manifests with this field. At the very least it's not an option when building from a Dockerfile with docker build or buildkit. So you may be writing your own tool to generate these images.
My understanding from conversations with Microsoft employees is they feel this was a mistake and are working hard to undo this from their images because of the workflows that it breaks. For example, any user in a disconnected environment can't pull the image with normal tools. And yet the layers themselves could be pulled with a simple curl command, so there's not a lot of added security being provided by this.
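As an added illustration of the mechanism the answer describes (this is example code written for this page, not the answerer's code and not Docker's or regctl's source), the script below reads a Docker v2 schema 2 manifest and reproduces the decision a push client makes per layer: a descriptor whose media type is the foreign type shown above, or whose `urls` list is non-empty, is skipped rather than uploaded, and only the remaining layers end up in the target registry. The sample manifest is the first three layer descriptors from the answer's `regctl` output, trimmed to the fields used here; because the page shows the `urls` values redacted as `""`, the second layer carries an obviously labelled placeholder URL so that both branches of the check run. The OCI `nondistributable` media types in the set, and the rule "foreign media type or non-empty urls", are this example's own assumptions, not a quotation of the docker CLI logic. The `unresolvable_foreign` helper flags the situation the answer calls out for disconnected environments: a layer the push skipped that a consumer has no URL to fetch from.

```python
import json

# Media types that mark a layer as foreign / non-distributable.
# The Docker one appears in the manifest quoted above; the OCI ones are the
# equivalents from the OCI image-spec and are an assumption of this example.
FOREIGN_MEDIA_TYPES = {
    "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
    "application/vnd.oci.image.layer.nondistributable.v1.tar",
    "application/vnd.oci.image.layer.nondistributable.v1.tar+gzip",
}

# Constructed sample: first three layer descriptors of the golang
# windows/amd64 manifest shown in the answer, trimmed to what we need.
# The page redacts the real "urls" as ""; the second entry uses a labelled
# PLACEHOLDER URL (not a real blob location) to exercise the urls branch.
SAMPLE_MANIFEST = json.loads("""
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
  "layers": [
    {
      "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
      "size": 1718332879,
      "digest": "sha256:4612f6d0b889cad0ed0292fae3a0b0c8a9e49aff6dea8eb049b2386d9b07986f",
      "urls": [""]
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
      "size": 720933935,
      "digest": "sha256:db4edcf0861ff3fdc41851a5a218965ecb2ab6cf4ec9448fb80cc4b6792fd46c",
      "urls": ["https://registry.example.invalid/PLACEHOLDER-foreign-blob-url"]
    },
    {
      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
      "size": 1362,
      "digest": "sha256:433d24156d44dde3b3c6c0094ba5824a315286ae537c68f272e464fc426510f6"
    }
  ]
}
""")


def short_id(digest: str) -> str:
    """First 12 hex chars after the algorithm prefix, as docker push prints."""
    return digest.split(":", 1)[1][:12]


def is_foreign(layer: dict) -> bool:
    """This example's rule: foreign media type, or any non-empty url."""
    media_type = layer.get("mediaType", "")
    has_urls = any(u for u in layer.get("urls", []))
    return media_type in FOREIGN_MEDIA_TYPES or has_urls


def classify_layers(manifest: dict) -> dict:
    """Split layers into those uploaded and those skipped; keep the external
    URLs a skipped layer points at so a consumer knows where it must go."""
    pushed, skipped, external = [], [], {}
    for layer in manifest.get("layers", []):
        digest = layer["digest"]
        if is_foreign(layer):
            skipped.append(digest)
            external[digest] = [u for u in layer.get("urls", []) if u]
        else:
            pushed.append(digest)
    return {"pushed": pushed, "skipped": skipped, "external_urls": external}


def push_log(manifest: dict) -> list:
    """Render per-layer status lines in the shape the question quotes."""
    lines = []
    for layer in manifest.get("layers", []):
        status = "Skipped foreign layer" if is_foreign(layer) else "Pushed"
        lines.append(f"{short_id(layer['digest'])}: {status}")
    return lines


def foreign_bytes(manifest: dict) -> int:
    """Bytes the target registry will not hold after the push."""
    layers = manifest.get("layers", [])
    return sum(l.get("size", 0) for l in layers if is_foreign(l))


def unresolvable_foreign(manifest: dict) -> list:
    """Skipped layers with no usable URL: a disconnected consumer cannot
    complete a pull of this image from the target registry alone."""
    result = classify_layers(manifest)
    return [d for d in result["skipped"] if not result["external_urls"][d]]


if __name__ == "__main__":
    for line in push_log(SAMPLE_MANIFEST):
        print(line)
    print(json.dumps(classify_layers(SAMPLE_MANIFEST), indent=2))
    print("bytes not stored in target registry:", foreign_bytes(SAMPLE_MANIFEST))
    print("skipped layers with no URL:", unresolvable_foreign(SAMPLE_MANIFEST))
```

Run it against a real manifest by replacing `SAMPLE_MANIFEST` with the output of `regctl image manifest` (or the raw manifest JSON fetched from your registry). The `foreign_bytes` and `unresolvable_foreign` results are the practical checks: the first tells you how much of the image a mirror will never contain, the second tells you which layers an offline consumer will be unable to obtain at all, which is the workflow breakage the answer describes.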