search

Gallopsled / pwntools

CTF framework and exploit development library
http://pwntools.com
Other
11.74k stars 1.67k forks source link

feat : use --no-cache-dir flag to pip in dockerfiles to save space #2357

Closed Rajpratik71 closed 4 months ago

Rajpratik71 commented 5 months ago

using the "--no-cache-dir" flag in pip install, make sure downloaded packages by pip don't cache on the system. This is a best practice that makes sure to fetch from a repo instead of using a local cached one. Further, in the case of Docker Containers, by restricting caching, we can reduce image size. In terms of stats, it depends upon the number of python packages multiplied by their respective size. e.g for heavy packages with a lot of dependencies it reduces a lot by don't cache pip packages.

Further, more detailed information can be found at

https://medium.com/sciforce/strategies-of-docker-images-optimization-2ca9cc5719b6

Signed-off-by: Pratik Raj rajpratik71@gmail.com

peace-maker commented 5 months ago

Thanks, the develop and travis images are meant for interactive testing and development though, so caching might be useful for those?

peace-maker commented 5 months ago

Are we deleting temporary apt files yet?

Rajpratik71 commented 5 months ago

Are we deleting temporary apt files yet?

looks like, till now we are not doing. I will raise a separate PR for that.

Rajpratik71 commented 5 months ago

Thanks, the develop and travis images are meant for interactive testing and development though, so caching might be useful for those?

Caching will generally be helpful for all images in terms of reducing size.

I added the fix to all files to keep things uniform across files.

peace-maker commented 5 months ago

I was talking about the purpose of the docker images. instead of just using pwntools to run exploits, they are meant to develop pwntools itself which includes touching the dependencies and possibly reinstalling pwntools too. So I thought it would be useful to keep pip's cache enabled for those images.

Do you think otherwise?

Rajpratik71 commented 4 months ago

I was talking about the purpose of the docker images. instead of just using pwntools to run exploits, they are meant to develop pwntools itself which includes touching the dependencies and possibly reinstalling pwntools too. So I thought it would be useful to keep pip's cache enabled for those images.

Do you think otherwise?

It makes sense, but we don't touch dependencies very often, so in most cases keeping the cache small will helped in terms of space, although I reverted for dev image.

peace-maker commented 4 months ago

This saved about 40mb 👍