Docker handles SHA checksums for container integrity. Is there a way for the container itself to access that? I execute a Python program in a container sent to the customer. This code needs to do some integrity checking on startup.

My idea was to

• Get the docker SHA checksum of the container it runs in.
• Get a reference SHA from a trusted outside source.
• Check that they are the same.

I do not want to force the customer to compare checksums or set environment variables like export DOCKER_CONTENT_TRUST=1.

Is there a way to do this, or is there an established equivalent for this?