Docker Image Hash Change

This is just a heads up, fresh installs of Docker 29.0 will break flows relying on pinning containers by hash.

ⓘ Note

Docker Engine 29.0 and later uses the containerd image store by default for fresh installations. The containerd image store uses snapshotters instead of the classic storage drivers described on this page. If you’re running a fresh installation of Docker Engine 29.0 or later, or if you’ve migrated to the containerd image store, this page provides background on how image layers work but the implementation details differ. For information about the containerd image store, see containerd image store.

— From https://docs.docker.com/engine/storage/drivers/

Though perhaps I’m the only one who was using this, and it seems like it is just a different way of computing the hash, so alternatively you could update everything to containerd in one go and use the new hashes. See https://github.com/docker/cli/issues/6996#issuecomment-4501571223 and https://github.com/moby/moby/issues/48391 for more details.

Note: I am building my images outside of docker so https://github.com/moby/moby/issues/48391 doesn’t affect me, but it might affect you if you are. (I’m using Nix to build docker images.)

Props to the docker team for the quick response, this isn’t a complaint, breaking changes are inevitable for something that has been going a while (e.g. presumably we will use sha256 hashes in git at some point), this is more of a missing information for my edge-case that I wanted to document.