
Commit 832be7b

authored
[dockers] Prevent apt-get from installing suggested and recommended packages by default (#1666)
* [docker-base] Instruct apt-get to NOT install 'recommended' or 'suggested' packages
* Modify docker-fpm-quagga, docker-snmp-sv2 and docker-sonic-vs Dockerfile templates in order to properly install .deb dependencies
* REDIS_SERVER depends on REDIS_TOOLS; ensure REDIS_TOOLS is always installed before REDIS_SERVER
1 parent 9a23770 commit 832be7b


10 files changed

+114
-88
lines changed


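--- a/dockers/docker-base/Dockerfile.j2
+++ b/dockers/docker-base/Dockerfile.j2
@@ -18,8 +18,9 @@ RUN rm -rf \
 ENV DEBIAN_FRONTEND=noninteractive
 
 # Configure data sources for apt/dpkg
-COPY ["sources.list", "/etc/apt/sources.list"]
 COPY ["dpkg_01_drop", "/etc/dpkg/dpkg.cfg.d/01_drop"]
+COPY ["sources.list", "/etc/apt/sources.list"]
+COPY ["no_install_recommend_suggest", "/etc/apt/apt.conf.d"]
 RUN apt-get update
 
 # Pre-install fundamental packages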
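Review bot: The new `COPY ["no_install_recommend_suggest", "/etc/apt/apt.conf.d"]` names its destination without a trailing slash, so the file only lands inside the directory because `/etc/apt/apt.conf.d` presumably already exists in the base image; `COPY ["no_install_recommend_suggest", "/etc/apt/apt.conf.d/"]` states the intent and does not depend on that. A one-line comment here would also help, saying that every image built on docker-base inherits this apt default, so child Dockerfiles that relied on recommended packages being pulled in implicitly must now list them.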
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
# Instruct apt-get to NOT install "recommended" or "suggested" packages by
2+
# default when installing a package.
3+
4+
APT::Install-Recommends "false";
5+
APT::Install-Suggests "false";

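--- a/dockers/docker-database/Dockerfile.j2
+++ b/dockers/docker-database/Dockerfile.j2
@@ -1,34 +1,34 @@
 FROM docker-config-engine
 
-## Make apt-get non-interactive
+# Make apt-get non-interactive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Update apt's cache of available packages
 RUN apt-get update
 
-COPY \
-{% for deb in docker_database_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
-{%- endfor -%}
-debs/
-
-## Install redis-tools dependencies
-## TODO: implicitly install dependencies
-RUN apt-get -y install libjemalloc1
-
-RUN dpkg -i \
-{% for deb in docker_database_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
+{% if docker_database_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{%- for deb in docker_database_debs.split(' ') %}
+COPY debs/{{ deb }} /debs/
 {%- endfor %}
 
-## Clean up
-RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y
-RUN rm -rf /debs
-
-RUN sed -ri 's/^(save .*$)/# \1/g; \
-s/^daemonize yes$/daemonize no/; \
-s/^logfile .*$/logfile ""/; \
-s/^# syslog-enabled no$/syslog-enabled no/; \
-s/^# unixsocket/unixsocket/; \
+# Install locally-built Debian packages and implicitly install their dependencies
+{%- for deb in docker_database_debs.split(' ') %}
+RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /debs/{{ deb }}
+{%- endfor %}
+{%- endif %}
+
+# Clean up
+RUN apt-get clean -y
+RUN apt-get autoclean -y
+RUN apt-get autoremove -y
+RUN rm -rf /debs ~/.cache
+
+RUN sed -ri 's/^(save .*$)/# \1/g; \
+s/^daemonize yes$/daemonize no/; \
+s/^logfile .*$/logfile ""/; \
+s/^# syslog-enabled no$/syslog-enabled no/; \
+s/^# unixsocket/unixsocket/; \
 s/^client-output-buffer-limit pubsub [0-9]+mb [0-9]+mb [0-9]+/client-output-buffer-limit pubsub 0 0 0/ \
 ' /etc/redis/redis.conf
 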
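Review bot: The `dpkg_apt` helper on the new `RUN dpkg_apt() { ... }` line can report success without the package being installed: when `dpkg -i $1` fails, `apt-get -y install -f` is free to resolve the broken state by removing the package, and its zero exit status is what the `RUN` step returns. I would follow the fallback with an explicit state check, for example `dpkg-query -W -f='${Status}' <PACKAGE_NAME> | grep -q 'install ok installed'`, and quote the argument as `"$1"` in both the `[ -f ... ]` test and the `dpkg -i` call. The fallback also pulls whatever dependency versions the configured apt sources offer at build time, which deserves a comment for anyone auditing image contents. The same line is repeated in the docker-fpm-quagga, docker-snmp-sv2 and docker-sonic-vs templates.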

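--- a/dockers/docker-fpm-quagga/Dockerfile.j2
+++ b/dockers/docker-fpm-quagga/Dockerfile.j2
@@ -1,26 +1,31 @@
 FROM docker-config-engine
 
-## Make apt-get non-interactive
+# Make apt-get non-interactive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Update apt's cache of available packages
 RUN apt-get update
 
-RUN apt-get install -y libdbus-1-3 libdaemon0 libjansson4
+# Install required packages
+RUN apt-get install -y libdbus-1-3 libdaemon0 libjansson4
 
-COPY \
-{% for deb in docker_fpm_quagga_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
-{%- endfor -%}
-debs/
+{% if docker_fpm_quagga_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{%- for deb in docker_fpm_quagga_debs.split(' ') %}
+COPY debs/{{ deb }} /debs/
+{%- endfor %}
 
-RUN dpkg -i \
-{% for deb in docker_fpm_quagga_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
+# Install locally-built Debian packages and implicitly install their dependencies
+{%- for deb in docker_fpm_quagga_debs.split(' ') %}
+RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /debs/{{ deb }}
 {%- endfor %}
+{%- endif %}
 
-## Clean up
-RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y
-RUN rm -rf /debs
+# Clean up
+RUN apt-get clean -y
+RUN apt-get autoclean -y
+RUN apt-get autoremove -y
+RUN rm -rf /debs ~/.cache
 
 COPY ["bgpcfgd", "start.sh", "/usr/bin/"]
 COPY ["supervisord.conf", "/etc/supervisor/conf.d/"]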
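Review bot: The clean-up at the end of this hunk runs as separate instructions (`RUN apt-get clean -y`, `RUN apt-get autoclean -y`, `RUN apt-get autoremove -y`, `RUN rm -rf /debs ~/.cache`), and a deletion in a later layer does not remove files from the layers that added them. The `.deb` files from `COPY debs/{{ deb }} /debs/` and the apt caches therefore still ship in the image unless it is squashed afterwards, which is not visible here. The same layout is used in docker-database and docker-sonic-vs, and in docker-snmp-sv2 it replaces a single `RUN` that installed and purged `curl` and `gcc` in one layer, so there the build tools now persist in lower layers. If per-step layers are intentional, a comment such as `# Cleanup only reduces image size because the image is squashed at build time` above `# Clean up` would settle the question for reviewers.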

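--- a/dockers/docker-snmp-sv2/Dockerfile.j2
+++ b/dockers/docker-snmp-sv2/Dockerfile.j2
@@ -1,52 +1,64 @@
 FROM docker-config-engine
 
-COPY [ \
-{% for deb in docker_snmp_sv2_debs.split(' ') -%}
-"debs/{{ deb }}",
-{%- endfor %} \
-"/debs/"]
-
-# Install Python SwSSSDK (SNMP subagent dependency)
-COPY python-wheels/sonic_platform_common-*-py3-*.whl /python-wheels/
-COPY python-wheels/swsssdk-*-py3-*.whl /python-wheels/
-COPY python-wheels/asyncsnmp-*-py3-*.whl /python-wheels/
-
-# enable -O for all Python calls
+# Enable -O for all Python calls
 ENV PYTHONOPTIMIZE 1
 
-## Make apt-get non-interactive
+# Make apt-get non-interactive
 ENV DEBIAN_FRONTEND=noninteractive
 
-# install libsnmp30 dependencies
-# install libpython3.6-dev dependencies
-# install pip dependencies
-# TODO: remove libpython3.6-dev, its and pip's dependencies if we can get pip3 directly
-# install subagent
-# clean up
-RUN apt-get update && apt-get install -y libperl5.20 libpci3 libwrap0 \
-libexpat1-dev \
-curl gcc && \
-dpkg -i \
-{% for deb in docker_snmp_sv2_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
-{%- endfor %} && \
-rm -rf /debs && \
-curl https://bootstrap.pypa.io/get-pip.py | python3.6 && \
-python3.6 -m pip install --no-cache-dir /python-wheels/*py3*.whl hiredis && \
-rm -rf /python-wheels && \
-python3.6 -m sonic_ax_impl install && \
-apt-get -y purge libpython3.6-dev libexpat1-dev curl gcc && \
-apt-get clean -y && apt-get autoclean -y && apt-get autoremove -y --purge && \
-find / | grep -E "__pycache__" | xargs rm -rf && \
-rm -rf ~/.cache
+# Update apt's cache of available packages
+RUN apt-get update
+
+# Install curl so we can download and install pip later
+# Also install major root CA certificates for curl to reference
+RUN apt-get install -y curl ca-certificates
+
+# Install gcc which is required for installing hiredis
+RUN apt-get install -y gcc
+
+{% if docker_snmp_sv2_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{%- for deb in docker_snmp_sv2_debs.split(' ') %}
+COPY debs/{{ deb }} /debs/
+{%- endfor %}
+
+# Install locally-built Debian packages and implicitly install their dependencies
+{%- for deb in docker_snmp_sv2_debs.split(' ') %}
+RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /debs/{{ deb }}
+{%- endfor %}
+{%- endif %}
+
+# Install up-to-date version of pip
+RUN curl https://bootstrap.pypa.io/get-pip.py | python3.6
+RUN python3.6 -m pip install --no-cache-dir hiredis
+
+{% if docker_snmp_sv2_whls.strip() -%}
+# Copy locally-built Python wheel dependencies
+{%- for whl in docker_snmp_sv2_whls.split(' ') %}
+COPY python-wheels/{{ whl }} /python-wheels/
+{%- endfor %}
+
+# Install locally-built Python wheel dependencies
+{%- for whl in docker_snmp_sv2_whls.split(' ') %}
+RUN pip install /python-wheels/{{ whl }}
+{%- endfor %}
+{% endif %}
+
+RUN python3.6 -m sonic_ax_impl install
+
+# Clean up
+RUN apt-get -y purge libpython3.6-dev curl gcc
+RUN apt-get clean -y && apt-get autoclean -y && apt-get autoremove -y --purge
+RUN find / | grep -E "__pycache__" | xargs rm -rf
+RUN rm -rf /debs /python-wheels ~/.cache
 
 COPY ["start.sh", "/usr/bin/"]
 COPY ["supervisord.conf", "/etc/supervisor/conf.d/"]
 COPY ["*.j2", "/usr/share/sonic/templates/"]
 COPY ["snmpd-config-updater", "/usr/bin/snmpd-config-updater"]
 RUN chmod +x /usr/bin/snmpd-config-updater
 
-## Although exposing ports is not needed for host net mode, keep it for possible bridge mode
+# Although exposing ports is not needed for host net mode, keep it for possible bridge mode
 EXPOSE 161/udp 162/udp
 
 ENTRYPOINT ["/usr/bin/supervisord"]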
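Review bot: `RUN curl https://bootstrap.pypa.io/get-pip.py | python3.6` runs an unpinned, unverified remote script during the build, and because the default shell has no `pipefail`, a failed download hands `python3.6` an empty stdin and the step still exits 0. I would fetch to a file with `curl -fsSL -o /tmp/get-pip.py https://bootstrap.pypa.io/get-pip.py`, verify it with `echo "<EXPECTED_SHA256>  /tmp/get-pip.py" | sha256sum -c -`, and only then run `python3.6 /tmp/get-pip.py`. The wheel loop further down calls bare `pip install /python-wheels/{{ whl }}` while the hiredis line uses `python3.6 -m pip`; using `python3.6 -m pip install --no-cache-dir` in both places removes any doubt about which interpreter receives the wheels.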

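--- a/platform/p4/docker-sonic-p4.mk
+++ b/platform/p4/docker-sonic-p4.mk
@@ -5,8 +5,8 @@ $(DOCKER_SONIC_P4)_PATH = $(PLATFORM_PATH)/docker-sonic-p4
 $(DOCKER_SONIC_P4)_DEPENDS += $(SWSS) \
 $(SYNCD) \
 $(P4_SWITCH) \
-$(REDIS_SERVER) \
 $(REDIS_TOOLS) \
+$(REDIS_SERVER) \
 $(PYTHON_SWSSCOMMON) \
 $(LIBTEAMDCT) \
 $(LIBTEAM_UTILS) \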
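Review bot: Swapping `$(REDIS_TOOLS)` and `$(REDIS_SERVER)` makes the order of this `_DEPENDS` list load-bearing, but nothing in the file says so, and a later alphabetical tidy-up would silently undo it. A comment above the list such as `# Order matters: REDIS_TOOLS must precede REDIS_SERVER, packages are installed one at a time in list order` would protect it; the link to install order is inferred from the commit description and the per-package `dpkg_apt` loop in the Dockerfile templates. The same applies to platform/vs/docker-sonic-vs.mk and rules/docker-database.mk. The list continues past the end of the hunk.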

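--- a/platform/vs/docker-sonic-vs.mk
+++ b/platform/vs/docker-sonic-vs.mk
@@ -4,8 +4,8 @@ DOCKER_SONIC_VS = docker-sonic-vs.gz
 $(DOCKER_SONIC_VS)_PATH = $(PLATFORM_PATH)/docker-sonic-vs
 $(DOCKER_SONIC_VS)_DEPENDS += $(SWSS) \
 $(SYNCD_VS) \
-$(REDIS_SERVER) \
 $(REDIS_TOOLS) \
+$(REDIS_SERVER) \
 $(PYTHON_SWSSCOMMON) \
 $(LIBTEAMDCT) \
 $(LIBTEAM_UTILS) \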

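--- a/platform/vs/docker-sonic-vs/Dockerfile.j2
+++ b/platform/vs/docker-sonic-vs/Dockerfile.j2
@@ -43,20 +43,23 @@ RUN apt-get install -y net-tools \
 RUN pip install setuptools
 RUN pip install py2_ipaddress
 
-COPY \
-{% for deb in docker_sonic_vs_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
-{%- endfor -%}
-debs/
+{% if docker_sonic_vs_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{%- for deb in docker_sonic_vs_debs.split(' ') %}
+COPY debs/{{ deb }} /debs/
+{%- endfor %}
 
-RUN dpkg -i \
-{% for deb in docker_sonic_vs_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
+# Install locally-built Debian packages and implicitly install their dependencies
+{%- for deb in docker_sonic_vs_debs.split(' ') %}
+RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /debs/{{ deb }}
 {%- endfor %}
+{%- endif %}
 
-## Clean up
-RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y
-RUN rm -rf /debs
+# Clean up
+RUN apt-get clean -y
+RUN apt-get autoclean -y
+RUN apt-get autoremove -y
+RUN rm -rf /debs ~/.cache
 
 RUN sed -ri 's/^(save .*$)/# \1/g; \
 s/^daemonize yes$/daemonize no/; \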

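--- a/rules/docker-database.mk
+++ b/rules/docker-database.mk
@@ -2,7 +2,7 @@
 
 DOCKER_DATABASE = docker-database.gz
 $(DOCKER_DATABASE)_PATH = $(DOCKERS_PATH)/docker-database
-$(DOCKER_DATABASE)_DEPENDS += $(REDIS_SERVER) $(REDIS_TOOLS)
+$(DOCKER_DATABASE)_DEPENDS += $(REDIS_TOOLS) $(REDIS_SERVER)
 $(DOCKER_DATABASE)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE)
 SONIC_DOCKER_IMAGES += $(DOCKER_DATABASE)
 SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_DATABASE)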

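--- a/rules/docker-snmp-sv2.mk
+++ b/rules/docker-snmp-sv2.mk
@@ -4,7 +4,7 @@ DOCKER_SNMP_SV2 = docker-snmp-sv2.gz
 $(DOCKER_SNMP_SV2)_PATH = $(DOCKERS_PATH)/docker-snmp-sv2
 ## TODO: remove LIBPY3_DEV if we can get pip3 directly
 $(DOCKER_SNMP_SV2)_DEPENDS += $(SNMP) $(SNMPD) $(PY3) $(LIBPY3_DEV)
-$(DOCKER_SNMP_SV2)_PYTHON_WHEELS += $(ASYNCSNMP_PY3)
+$(DOCKER_SNMP_SV2)_PYTHON_WHEELS += $(SONIC_PLATFORM_COMMON_PY3) $(SWSSSDK_PY3) $(ASYNCSNMP_PY3)
 $(DOCKER_SNMP_SV2)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE)
 SONIC_DOCKER_IMAGES += $(DOCKER_SNMP_SV2)
 SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_SNMP_SV2)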
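Review bot: The wheels now listed in `$(DOCKER_SNMP_SV2)_PYTHON_WHEELS` appear to feed the per-wheel `RUN pip install /python-wheels/{{ whl }}` loop in dockers/docker-snmp-sv2/Dockerfile.j2, and pip resolves any dependency that is not already installed from the package index. If one of these locally built wheels depends on another that comes later in the list, or on a name that also exists on the public index, the image could end up with an index copy instead of the local build. I would record the required order in a comment here, e.g. `# Order matters: wheels are installed in list order, dependencies first`, and consider `--no-deps` on the local-wheel installs if all their dependencies are provided explicitly. The link between this variable and `docker_snmp_sv2_whls` is not visible on this page, so confirm it before relying on this.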
