From d527c4ff642a926dc6f0e2b38559857e72743022 Mon Sep 17 00:00:00 2001 From: Pratik Raj Date: Fri, 6 Mar 2020 15:33:27 +0530 Subject: [PATCH 1/2] debian: Don't install recommended software By default, Ubuntu or Debian based "apt" or "apt-get" system installs recommended but not suggested packages . By passing "--no-install-recommends" option, the user lets apt-get know not to consider recommended packages as a dependency to install. This results in smaller downloads and installation of packages . Refer to blog at [Ubuntu Blog](https://ubuntu.com/blog/we-reduced-our-docker-images-by-60-with-no-install-recommends) . Fixes: #970 Signed-off-by: Pratik Raj --- .ci/azure/pipelines/obs-packaging-ci.yml | 2 +- .ci/azure/pipelines/release.yml | 2 +- .ci/setup.sh | 2 +- Jenkinsfiles/release_pieline/bump.sh | 4 ++-- ccloudvm/kata-docker-xenial.yaml | 2 +- snap/README.md | 2 +- snap/snapcraft.yaml | 4 ++-- static-build/cloud-hypervisor/docker-build/Dockerfile | 2 +- static-build/qemu-virtiofs/Dockerfile | 2 +- static-build/qemu/Dockerfile | 2 +- static-build/scripts/kata-configure-docker.sh | 2 +- tests/run_obs_testing.sh | 2 +- 12 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.ci/azure/pipelines/obs-packaging-ci.yml b/.ci/azure/pipelines/obs-packaging-ci.yml index 2bff8abdc0..9197341cd9 100644 --- a/.ci/azure/pipelines/obs-packaging-ci.yml +++ b/.ci/azure/pipelines/obs-packaging-ci.yml @@ -21,7 +21,7 @@ jobs: - bash: | sudo apt-get update -y -qq - sudo apt-get install -y git + sudo apt-get --no-install-recommends install -y git git config --global user.email "azure-pipeline@kata.io" git config --global user.name "azure-pipeline" .ci/packaging/setup.sh diff --git a/.ci/azure/pipelines/release.yml b/.ci/azure/pipelines/release.yml index 58312dc72e..c8c4bee1d1 100644 --- a/.ci/azure/pipelines/release.yml +++ b/.ci/azure/pipelines/release.yml @@ -21,7 +21,7 @@ jobs: - bash: | sudo apt-get update -y -qq - sudo apt-get install -y git + sudo apt-get --no-install-recommends install -y git git config --global user.email "azure-pipeline@kata.io" git config --global user.name "azure-pipeline" displayName: 'Setup' diff --git a/.ci/setup.sh b/.ci/setup.sh index 5d9b04f014..f8f264dd74 100755 --- a/.ci/setup.sh +++ b/.ci/setup.sh @@ -37,7 +37,7 @@ if [ "$SNAP_CI" == "true" ] && [ "$ID" == "ubuntu" ]; then export INSTALL_KATA="no" echo "Install snap dependencies" - sudo apt-get install -y snapd snapcraft make + sudo apt-get --no-install-recommends install -y snapd snapcraft make echo "Building snap image" make snap diff --git a/Jenkinsfiles/release_pieline/bump.sh b/Jenkinsfiles/release_pieline/bump.sh index cddeadae91..b9f5bffb6e 100755 --- a/Jenkinsfiles/release_pieline/bump.sh +++ b/Jenkinsfiles/release_pieline/bump.sh @@ -47,12 +47,12 @@ install_go() { install_docker() { echo "Installing docker" - sudo -E apt-get -y install apt-transport-https ca-certificates software-properties-common + sudo -E apt-get --no-install-recommends install -y apt-transport-https ca-certificates software-properties-common curl -sL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - arch=$(dpkg --print-architecture) sudo -E add-apt-repository "deb [arch=${arch}] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" sudo -E apt-get update - sudo -E apt-get -y install docker-ce + sudo -E apt-get --no-install-recommends install -y docker-ce } setup_git() { diff --git a/ccloudvm/kata-docker-xenial.yaml b/ccloudvm/kata-docker-xenial.yaml index c7326e3687..c29c2bd64b 100644 --- a/ccloudvm/kata-docker-xenial.yaml +++ b/ccloudvm/kata-docker-xenial.yaml @@ -34,7 +34,7 @@ runcmd: - sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/master/xUbuntu_$(lsb_release -rs)/ /' > /etc/apt/sources.list.d/kata-containers.list" - {{proxyVars .}} curl -sL http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/master/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add - - sudo -E apt-get update - - sudo -E apt-get -y install kata-runtime + - sudo -E apt-get --no-install-recommends install -y kata-runtime - {{endTaskCheck .}} ... diff --git a/snap/README.md b/snap/README.md index eb360532a8..9df4ddc628 100644 --- a/snap/README.md +++ b/snap/README.md @@ -17,7 +17,7 @@ Kata Containers can be installed in any Linux distribution that supports [snapd](https://docs.snapcraft.io/installing-snapd). For this example, we assume Ubuntu as your base distro. ```sh -$ sudo apt-get install -y snapd snapcraft +$ sudo apt-get --no-install-recommends install -y snapd snapcraft ``` ## Install snap diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index e8bcd59a96..21228ce156 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -196,7 +196,7 @@ parts: # install podman sudo add-apt-repository -y ppa:projectatomic/ppa sudo apt-get update - sudo apt-get -y install podman + sudo apt-get --no-install-recommends install -y podman # Build and install cni plugings echo "Retrieve CNI plugins repository" @@ -382,7 +382,7 @@ parts: done # Only x86_64 supports libpmem - [ "$(uname -m)" = "x86_64" ] && sudo apt-get install -y libpmem-dev + [ "$(uname -m)" = "x86_64" ] && sudo apt-get --no-install-recommends install -y libpmem-dev chmod +x ${SNAPCRAFT_STAGE}/scripts/configure-hypervisor.sh # static build diff --git a/static-build/cloud-hypervisor/docker-build/Dockerfile b/static-build/cloud-hypervisor/docker-build/Dockerfile index 4c511b7a04..0218b5a4dd 100644 --- a/static-build/cloud-hypervisor/docker-build/Dockerfile +++ b/static-build/cloud-hypervisor/docker-build/Dockerfile @@ -6,7 +6,7 @@ FROM ubuntu:18.04 RUN apt-get update -RUN apt-get install -yq build-essential mtools libssl-dev pkg-config curl git +RUN apt-get --no-install-recommends install -yq build-essential mtools libssl-dev pkg-config curl git RUN nohup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y RUN echo 'source $HOME/.cargo/env' >> $HOME/.bashrc ENV PATH="/root/.cargo/bin:${PATH}" diff --git a/static-build/qemu-virtiofs/Dockerfile b/static-build/qemu-virtiofs/Dockerfile index bee08b6680..c6ee944562 100644 --- a/static-build/qemu-virtiofs/Dockerfile +++ b/static-build/qemu-virtiofs/Dockerfile @@ -8,7 +8,7 @@ ARG PREFIX WORKDIR /root/qemu-virtiofs RUN apt-get update && apt-get upgrade -y -RUN apt-get install -y \ +RUN apt-get --no-install-recommends install -y \ autoconf \ automake \ bc \ diff --git a/static-build/qemu/Dockerfile b/static-build/qemu/Dockerfile index 76c26e0dbf..5741ef5430 100644 --- a/static-build/qemu/Dockerfile +++ b/static-build/qemu/Dockerfile @@ -8,7 +8,7 @@ ARG PREFIX WORKDIR /root/qemu RUN apt-get update && apt-get upgrade -y -RUN apt-get install -y \ +RUN apt-get --no-install-recommends install -y \ autoconf \ automake \ bc \ diff --git a/static-build/scripts/kata-configure-docker.sh b/static-build/scripts/kata-configure-docker.sh index d25214eeb6..b0f458d573 100644 --- a/static-build/scripts/kata-configure-docker.sh +++ b/static-build/scripts/kata-configure-docker.sh @@ -122,7 +122,7 @@ setup() case "$distro" in centos|rhel) $chronic sudo -E yum -y install "$pkg" ;; - debian|ubuntu) $chronic sudo -E apt -y install "$pkg" ;; + debian|ubuntu) $chronic sudo -E apt-get --no-install-recommends install -y "$pkg" ;; fedora) $chronic sudo -E dnf -y install "$pkg" ;; opensuse|sles) $chronic sudo -E zypper -y install "$pkg" ;; *) die "do not know how to install command $pkg' for distro '$distro'" ;; diff --git a/tests/run_obs_testing.sh b/tests/run_obs_testing.sh index 64d5d3df12..5c915dc88c 100755 --- a/tests/run_obs_testing.sh +++ b/tests/run_obs_testing.sh @@ -50,7 +50,7 @@ generate_dockerfile() { ;; debian|ubuntu) UPDATE="apt-get -y update" - DEPENDENCIES="apt-get install -y curl git gnupg2 lsb-release sudo" + DEPENDENCIES="apt-get --no-install-recommends install -y curl git gnupg2 lsb-release sudo" ;; fedora) UPDATE="dnf -y update" From 9a6bd12e11d6062b86a4719c1a37ac4e27da6c5c Mon Sep 17 00:00:00 2001 From: Pratik Raj Date: Tue, 17 Mar 2020 12:01:32 +0530 Subject: [PATCH 2/2] debian: Install missing ca-certificates package Because CI build is 1. Slow and in log it is showing because "apt-utils" not installed 2. to avoid CI build to exits with error without having certificate Fixes: #970 Signed-off-by: Pratik Raj --- .ci/azure/pipelines/release.yml | 2 +- Jenkinsfiles/release_pieline/bump.sh | 2 +- ccloudvm/kata-docker-xenial.yaml | 2 +- snap/README.md | 2 +- snap/snapcraft.yaml | 4 ++-- static-build/cloud-hypervisor/docker-build/Dockerfile | 2 +- static-build/qemu-virtiofs/Dockerfile | 2 ++ static-build/qemu/Dockerfile | 2 ++ tests/run_obs_testing.sh | 2 +- 9 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.ci/azure/pipelines/release.yml b/.ci/azure/pipelines/release.yml index c8c4bee1d1..f30b3d9685 100644 --- a/.ci/azure/pipelines/release.yml +++ b/.ci/azure/pipelines/release.yml @@ -21,7 +21,7 @@ jobs: - bash: | sudo apt-get update -y -qq - sudo apt-get --no-install-recommends install -y git + sudo apt-get --no-install-recommends install -y apt-utils ca-certificates git git config --global user.email "azure-pipeline@kata.io" git config --global user.name "azure-pipeline" displayName: 'Setup' diff --git a/Jenkinsfiles/release_pieline/bump.sh b/Jenkinsfiles/release_pieline/bump.sh index b9f5bffb6e..cc6a025907 100755 --- a/Jenkinsfiles/release_pieline/bump.sh +++ b/Jenkinsfiles/release_pieline/bump.sh @@ -47,7 +47,7 @@ install_go() { install_docker() { echo "Installing docker" - sudo -E apt-get --no-install-recommends install -y apt-transport-https ca-certificates software-properties-common + sudo -E apt-get --no-install-recommends install -y apt-transport-https apt-utils ca-certificates software-properties-common curl -sL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - arch=$(dpkg --print-architecture) sudo -E add-apt-repository "deb [arch=${arch}] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" diff --git a/ccloudvm/kata-docker-xenial.yaml b/ccloudvm/kata-docker-xenial.yaml index c29c2bd64b..5df84e1ffd 100644 --- a/ccloudvm/kata-docker-xenial.yaml +++ b/ccloudvm/kata-docker-xenial.yaml @@ -34,7 +34,7 @@ runcmd: - sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/master/xUbuntu_$(lsb_release -rs)/ /' > /etc/apt/sources.list.d/kata-containers.list" - {{proxyVars .}} curl -sL http://download.opensuse.org/repositories/home:/katacontainers:/releases:/${ARCH}:/master/xUbuntu_$(lsb_release -rs)/Release.key | sudo apt-key add - - sudo -E apt-get update - - sudo -E apt-get --no-install-recommends install -y kata-runtime + - sudo -E apt-get --no-install-recommends install -y apt-utils ca-certificates kata-runtime - {{endTaskCheck .}} ... diff --git a/snap/README.md b/snap/README.md index 9df4ddc628..12a1d6248f 100644 --- a/snap/README.md +++ b/snap/README.md @@ -17,7 +17,7 @@ Kata Containers can be installed in any Linux distribution that supports [snapd](https://docs.snapcraft.io/installing-snapd). For this example, we assume Ubuntu as your base distro. ```sh -$ sudo apt-get --no-install-recommends install -y snapd snapcraft +$ sudo apt-get --no-install-recommends install -y apt-utils ca-certificates snapd snapcraft ``` ## Install snap diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 21228ce156..7a10b73f02 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -196,7 +196,7 @@ parts: # install podman sudo add-apt-repository -y ppa:projectatomic/ppa sudo apt-get update - sudo apt-get --no-install-recommends install -y podman + sudo apt-get --no-install-recommends install -y apt-utils ca-certificates podman # Build and install cni plugings echo "Retrieve CNI plugins repository" @@ -382,7 +382,7 @@ parts: done # Only x86_64 supports libpmem - [ "$(uname -m)" = "x86_64" ] && sudo apt-get --no-install-recommends install -y libpmem-dev + [ "$(uname -m)" = "x86_64" ] && sudo apt-get --no-install-recommends install -y apt-utils ca-certificates libpmem-dev chmod +x ${SNAPCRAFT_STAGE}/scripts/configure-hypervisor.sh # static build diff --git a/static-build/cloud-hypervisor/docker-build/Dockerfile b/static-build/cloud-hypervisor/docker-build/Dockerfile index 0218b5a4dd..78aaa2b386 100644 --- a/static-build/cloud-hypervisor/docker-build/Dockerfile +++ b/static-build/cloud-hypervisor/docker-build/Dockerfile @@ -6,7 +6,7 @@ FROM ubuntu:18.04 RUN apt-get update -RUN apt-get --no-install-recommends install -yq build-essential mtools libssl-dev pkg-config curl git +RUN apt-get --no-install-recommends install -yq apt-utils ca-certificates build-essential mtools libssl-dev pkg-config curl git RUN nohup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y RUN echo 'source $HOME/.cargo/env' >> $HOME/.bashrc ENV PATH="/root/.cargo/bin:${PATH}" diff --git a/static-build/qemu-virtiofs/Dockerfile b/static-build/qemu-virtiofs/Dockerfile index c6ee944562..9f68ce8d95 100644 --- a/static-build/qemu-virtiofs/Dockerfile +++ b/static-build/qemu-virtiofs/Dockerfile @@ -9,10 +9,12 @@ ARG PREFIX WORKDIR /root/qemu-virtiofs RUN apt-get update && apt-get upgrade -y RUN apt-get --no-install-recommends install -y \ + apt-utils \ autoconf \ automake \ bc \ bison \ + ca-certificates \ cpio \ flex \ gawk \ diff --git a/static-build/qemu/Dockerfile b/static-build/qemu/Dockerfile index 5741ef5430..4a09137d09 100644 --- a/static-build/qemu/Dockerfile +++ b/static-build/qemu/Dockerfile @@ -9,10 +9,12 @@ ARG PREFIX WORKDIR /root/qemu RUN apt-get update && apt-get upgrade -y RUN apt-get --no-install-recommends install -y \ + apt-utils \ autoconf \ automake \ bc \ bison \ + ca-certificates \ cpio \ flex \ gawk \ diff --git a/tests/run_obs_testing.sh b/tests/run_obs_testing.sh index 5c915dc88c..916ab3d3fb 100755 --- a/tests/run_obs_testing.sh +++ b/tests/run_obs_testing.sh @@ -50,7 +50,7 @@ generate_dockerfile() { ;; debian|ubuntu) UPDATE="apt-get -y update" - DEPENDENCIES="apt-get --no-install-recommends install -y curl git gnupg2 lsb-release sudo" + DEPENDENCIES="apt-get --no-install-recommends install -y apt-utils ca-certificates curl git gnupg2 lsb-release sudo" ;; fedora) UPDATE="dnf -y update"