1. docker
  2. Commit b0835dd0889b00e231edf78b25fc929a6b148b05
Browse code

Dockerfile: use --no-install-recommends for all stages

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Sebastiaan van Stijn authored on 2019/07/31 08:49:57
Showing 1 changed files
Dockerfile
History View file @ b0835dd
... ... 
@@ -36,7 +36,7 @@ FROM base AS criu
36 36 
 # Install CRIU for checkpoint/restore support
37 37 
 ENV CRIU_VERSION 3.11
38 38 
 # Install dependency packages specific to criu
39 
-RUN apt-get update && apt-get install -y \
39 
+RUN apt-get update && apt-get install -y --no-install-recommends \
40 40 
 	libnet-dev \
41 41 
 	libprotobuf-c0-dev \
42 42 
 	libprotobuf-dev \
... ... 
@@ -45,7 +45,8 @@ RUN apt-get update && apt-get install -y \
45 45 
 	protobuf-compiler \
46 46 
 	protobuf-c-compiler \
47 47 
 	python-protobuf \
48 
-	&& mkdir -p /usr/src/criu \
48 
+	&& rm -rf /var/lib/apt/lists/*
49 
+RUN mkdir -p /usr/src/criu \
49 50 
 	&& curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \
50 51 
 	&& cd /usr/src/criu \
51 52 
 	&& make \
... ... 
@@ -84,7 +85,10 @@ RUN set -x \
84 84 
 	&& rm -rf "$GOPATH"
85 85
86 86 
 FROM base AS frozen-images
87 
-RUN apt-get update && apt-get install -y jq ca-certificates --no-install-recommends
87 
+RUN apt-get update && apt-get install -y --no-install-recommends \
88 
+	ca-certificates \
89 
+	jq \
90 
+	&& rm -rf /var/lib/apt/lists/*
88 91 
 # Get useful and necessary Hub images so we can "docker load" locally instead of pulling
89 92 
 COPY contrib/download-frozen-image-v2.sh /
90 93 
 RUN /download-frozen-image-v2.sh /build \
... ... 
@@ -102,28 +106,27 @@ RUN dpkg --add-architecture armhf
102 102 
 RUN dpkg --add-architecture arm64
103 103 
 RUN dpkg --add-architecture armel
104 104 
 RUN if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \
105 
-	apt-get update \
106 
-	&& apt-get install -y --no-install-recommends \
105 
+	apt-get update && apt-get install -y --no-install-recommends \
107 106 
 		crossbuild-essential-armhf \
108 107 
 		crossbuild-essential-arm64 \
109 
-		crossbuild-essential-armel; \
108 
+		crossbuild-essential-armel \
109 
+		&& rm -rf /var/lib/apt/lists/*; \
110 110 
 	fi
111 111
112 112 
 FROM cross-${CROSS} as dev-base
113 113
114 114 
 FROM dev-base AS runtime-dev-cross-false
115 
-RUN apt-get update && apt-get install -y \
115 
+RUN apt-get update && apt-get install -y --no-install-recommends \
116 116 
 	libapparmor-dev \
117 
-	libseccomp-dev
118 
-
117 
+	libseccomp-dev \
118 
+	&& rm -rf /var/lib/apt/lists/*
119 119 
 FROM cross-true AS runtime-dev-cross-true
120 120 
 # These crossbuild packages rely on gcc-<arch>, but this doesn't want to install
121 121 
 # on non-amd64 systems.
122 122 
 # Additionally, the crossbuild-amd64 is currently only on debian:buster, so
123 123 
 # other architectures cannnot crossbuild amd64.
124 124 
 RUN if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \
125 
-	apt-get update \
126 
-	&& apt-get install -y \
125 
+	apt-get update && apt-get install -y --no-install-recommends \
127 126 
 		libseccomp-dev:armhf \
128 127 
 		libseccomp-dev:arm64 \
129 128 
 		libseccomp-dev:armel \
... ... 
@@ -133,7 +136,8 @@ RUN if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \
133 133 
 		# install this arches seccomp here due to compat issues with the v0 builder
134 134 
 		# This is as opposed to inheriting from runtime-dev-cross-false
135 135 
 		libapparmor-dev \
136 
-		libseccomp-dev; \
136 
+		libseccomp-dev \
137 
+		&& rm -rf /var/lib/apt/lists/*; \
137 138 
 	fi
138 139
139 140 
 FROM runtime-dev-cross-${CROSS} AS runtime-dev
... ... 
@@ -151,7 +155,9 @@ COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
151 151 
 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME
152 152
153 153 
 FROM dev-base AS containerd
154 
-RUN apt-get update && apt-get install -y btrfs-tools
154 
+RUN apt-get update && apt-get install -y --no-install-recommends \
155 
+	btrfs-tools \
156 
+	&& rm -rf /var/lib/apt/lists/*
155 157 
 ENV INSTALL_BINARY_NAME=containerd
156 158 
 COPY hack/dockerfile/install/install.sh ./install.sh
157 159 
 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
... ... 
@@ -188,7 +194,10 @@ COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
188 188 
 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME
189 189
190 190 
 FROM dev-base AS tini
191 
-RUN apt-get update && apt-get install -y cmake vim-common
191 
+RUN apt-get update && apt-get install -y --no-install-recommends \
192 
+	cmake \
193 
+	vim-common \
194 
+	&& rm -rf /var/lib/apt/lists/*
192 195 
 COPY hack/dockerfile/install/install.sh ./install.sh
193 196 
 ENV INSTALL_BINARY_NAME=tini
194 197 
 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
... ... 
@@ -213,7 +222,7 @@ RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
213 213 
 RUN ldconfig
214 214 
 # This should only install packages that are specifically needed for the dev environment and nothing else
215 215 
 # Do you really need to add another package here? Can it be done in a different build stage?
216 
-RUN apt-get update && apt-get install -y \
216 
+RUN apt-get update && apt-get install -y --no-install-recommends \
217 217 
 	apparmor \
218 218 
 	aufs-tools \
219 219 
 	bash-completion \
... ... 
@@ -240,7 +249,7 @@ RUN apt-get update && apt-get install -y \
240 240 
 	libprotobuf-c1 \
241 241 
 	libnet1 \
242 242 
 	libnl-3-200 \
243 
-	--no-install-recommends
243 
+	&& rm -rf /var/lib/apt/lists/*
244 244
245 245 
 RUN pip3 install yamllint==1.16.0
246 246