This repository has been archived by the owner on Oct 18, 2022. It is now read-only.

Move down "apt-get indextargets" to avoid creating binary blobs #187

Merged
merged 1 commit into from
Sep 14, 2020

@tianon tianon commented Sep 8, 2020

Fixes #185

Here's an example generated Dockerfile from this change:

FROM scratch
ADD ubuntu-bionic-core-cloudimg-amd64-root.tar.gz /

# a few minor docker-specific tweaks
# see https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap
RUN set -xe \
	\
# https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L40-L48
	&& echo '#!/bin/sh' > /usr/sbin/policy-rc.d \
	&& echo 'exit 101' >> /usr/sbin/policy-rc.d \
	&& chmod +x /usr/sbin/policy-rc.d \
	\
# https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L54-L56
	&& dpkg-divert --local --rename --add /sbin/initctl \
	&& cp -a /usr/sbin/policy-rc.d /sbin/initctl \
	&& sed -i 's/^exit.*/exit 0/' /sbin/initctl \
	\
# https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L71-L78
	&& echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup \
	\
# https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L85-L105
	&& echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean \
	&& echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean \
	&& echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean \
	\
# https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L109-L115
	&& echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages \
	\
# https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L118-L130
	&& echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes \
	\
# https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L134-L151
	&& echo 'Apt::AutoRemove::SuggestsImportant "false";' > /etc/apt/apt.conf.d/docker-autoremove-suggests

# verify that the APT lists files do not exist
RUN [ -z "$(apt-get indextargets)" ]
# (see https://bugs.launchpad.net/cloud-images/+bug/1699913)

# make systemd-detect-virt return "docker"
# See: https://github.com/systemd/systemd/blob/aa0c34279ee40bce2f9681b496922dedbadfca19/src/basic/virt.c#L434
RUN mkdir -p /run/systemd && echo 'docker' > /run/systemd/container

CMD ["/bin/bash"]

@tianon tianon requested a review from mwhudson September 8, 2020 17:39

@mwhudson mwhudson left a comment

Can we test that this works? But LGTM, happy to "test in prod" if that's easier.

@tianon tianon force-pushed the apt-get-indextargets branch from 8e7fccc to e41bd04 Compare September 9, 2020 22:26

tianon commented Sep 9, 2020

That's a good point -- in testing, I found this generated bad Dockerfiles, which I've pushed a fix for.

Here's the test result:

$ docker history ubuntu:bionic
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
6526a1858e5d        3 weeks ago         /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B                  
<missing>           3 weeks ago         /bin/sh -c mkdir -p /run/systemd && echo 'do…   7B                  
<missing>           3 weeks ago         /bin/sh -c set -xe   && echo '#!/bin/sh' > /…   745B                
<missing>           3 weeks ago         /bin/sh -c [ -z "$(apt-get indextargets)" ]     987kB               
<missing>           3 weeks ago         /bin/sh -c #(nop) ADD file:5c125b7f411566e9d…   63.2MB              

(note that 987kB layer)

$ docker history 0682b39f5300
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
0682b39f5300        5 minutes ago       /bin/sh -c #(nop)  CMD ["/bin/bash"]            0B                  
8094216d35e4        5 minutes ago       /bin/sh -c mkdir -p /run/systemd && echo 'do…   7B                  
f5f0118f39c3        5 minutes ago       /bin/sh -c [ -z "$(apt-get indextargets)" ]     0B                  
49d4087b48bc        6 minutes ago       /bin/sh -c set -xe   && echo '#!/bin/sh' > /…   745B                
aa96a0939408        6 minutes ago       /bin/sh -c #(nop) ADD file:2ba91a2107a9cb21e…   63.2MB              

(note the 0B layer)
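
An added example (not part of this PR or the repository's tooling): a shell check for the regression the two `docker history` listings above show, a verification-only `RUN [ ... ]` step that adds bytes to the image. It assumes input in the form produced by `docker history --no-trunc --format '{{.Size}}\t{{.CreatedBy}}'`; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Input on stdin: one layer per line, "<size>TAB<created-by>", e.g. from
#   docker history --no-trunc --format '{{.Size}}\t{{.CreatedBy}}' IMAGE
# A RUN step that is nothing but a shell test ([ ... ]) should add 0B.

# Hypothetical helper: prints each offending layer, returns 1 if any exist.
check_only_layers() {
	awk -F '\t' '
		# created-by of a pure test, in the form shown in the listings above;
		# commands chained with && || ; are excluded, since they may write files
		$2 ~ /^\/bin\/sh -c \[ [^&|;]* \]$/ {
			if ($1 != "0B") {
				printf "non-empty check layer (%s): %s\n", $1, $2
				bad++
			}
		}
		END { exit (bad > 0) }
	'
}

# Constructed sample rows modelled on the first listing (check ran before
# the apt configuration step, producing a 987kB layer).
sample_before() {
	printf '%s\t%s\n' \
		'0B' '/bin/sh -c #(nop)  CMD ["/bin/bash"]' \
		'7B' "/bin/sh -c mkdir -p /run/systemd && echo 'docker' > /run/systemd/container" \
		'745B' "/bin/sh -c set -xe && echo 'exit 101' >> /usr/sbin/policy-rc.d" \
		'987kB' '/bin/sh -c [ -z "$(apt-get indextargets)" ]' \
		'63.2MB' '/bin/sh -c #(nop) ADD file:<elided> in /'
}

# Constructed sample rows modelled on the second listing (check moved after
# the apt configuration step, producing a 0B layer).
sample_after() {
	printf '%s\t%s\n' \
		'0B' '/bin/sh -c #(nop)  CMD ["/bin/bash"]' \
		'7B' "/bin/sh -c mkdir -p /run/systemd && echo 'docker' > /run/systemd/container" \
		'0B' '/bin/sh -c [ -z "$(apt-get indextargets)" ]' \
		'745B' "/bin/sh -c set -xe && echo 'exit 101' >> /usr/sbin/policy-rc.d" \
		'63.2MB' '/bin/sh -c #(nop) ADD file:<elided> in /'
}
```

Running `sample_before | check_only_layers` reports the 987kB layer and returns non-zero, so the function can gate a build pipeline; `sample_after | check_only_layers` prints nothing and returns zero.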

@mwhudson mwhudson merged commit 5855767 into master Sep 14, 2020
@tianon tianon deleted the apt-get-indextargets branch September 14, 2020 17:02