Closed Chan9390 closed 4 years ago
This code in Dockerfile doesnt cleanup anything as removing on one layer will not remove the software from the upper layer.
Before I go ahead and optimize, I had a few questions:
git
, libssl-dev
, etc and try to uninstall later ? Is it just to compile yara-python
? Wouldn't pip install yara-python
work ?Definitely there is a scope for optimisation. Go for it. I will answer inline.
No particular reason, ubuntu was just friendly and well tested. We tried using alpine, but went back from that decision since alpine-python build times are high and we haven't got much size optimisation as expected. https://pythonspeed.com/articles/alpine-docker-python/
git
is required to install the yara-python fork that works with APKiD. we need to pip install using git
protocol. For libssl-dev
, it might be a dependency for something else. Try removing it and something might fail.
yara-python is also available as a pip package and can be installed as pip3 install yara-python
. Any reason to compile it from scratch ?
Are there any tests that will check if MobSF is running fine after few modifications ?
We follow the instructions from https://github.com/rednaga/APKiD#installing As far as I know, we cannot use the PyPI version as we have to install dex enabled yara-python which is not available by default.
A quick test specific to APKiD, yara-python is https://github.com/MobSF/Mobile-Security-Framework-MobSF/blob/master/setup.bat#L47-L49
Otherwise run MobSF tests: https://mobsf.github.io/docs/#/tests after making changes.
you can reduce size using experimental build arg from docker with the --squash parameter and also the --compress option to speed up build ubuntu is also used because we have wkhtmltopdf https://github.com/wkhtmltopdf/wkhtmltopdf
I tried the squash experimental docker command and was able to build docker image of size 1.46 GB. The disadvantage is it creates a single layer which needs to be pulled for every new image build. Thats even worse.
Can we have a yara-python fork on MobSF Github org with dex enabled releases ? This would remove the need to install git and other dependencies.
I know that we can host a wheel for that, but not sure if it will be cross platform. will do more testing here.
Even if I just submodule it, it will not save much space because it will still need dependencies for building it. I am thinking if we can release a prebuilt built wheel.
I know that we can host a wheel for that, but not sure if it will be cross platform
We will anyway run that inside ubuntu docker image.
I am thinking if we can release a prebuilt built wheel.
Exactly. If we can create a build, we can directly download it during docker build process
The thing is I do not want to create a wheel only for linux/docker and build it locally for others. This is very difficult to maintain and update between operating systems. We give higher priority to maintenance than anything else.
I want to know if we can remove building dependency at user machine because that's a win - win for both user experience and also reducing docker image size.
Once this is merged I think you can do more optimisations on Dockerfile https://github.com/MobSF/Mobile-Security-Framework-MobSF/pull/1377
It's merged to master.
@superpoussin22 Can we use ubuntu-minimal
as base image ?
@ajinabraham for me LTS starting at 18.04 are minimal "On Dockerhub, the new Ubuntu 18.04 LTS image is now the new Minimal Ubuntu 18.04 image. Launching a Docker instance with docker run ubuntu:18.04 therefore launches a Docker instance with the latest Minimal Ubuntu."
@superpoussin22 Yeah I found out that 20.04 is also minimal image
20.04
linux/amd64
@Chan9390 Our MobSF github repo is about 757 MB on disk and our latest Docker image is about 755.43 MB in DockerHub (but still about 1.7GB on disk). Do you have further optimisations for Dockerfile in mind?
to reduce the size I think we have to options:
@superpoussin22
I have made the test it won't reduce the size for 2) so not a good idea
One more idea is to not copy the .git
directory as the git history is not required CMIIW. It will reduce some more space.
EDIT: I found .git
in dockerignore. So I think this is already taken care.
Adding a --no-install-recommends
to apt install command reduced the size of the docker image to 1.65 GB. However, I am not sure if that missed installing any package that MobSF requires at runtime.
without --no-install-recommends I'm at 1.6 but will retry with --no-install-recommends and see if we can reduce the size more
@superpoussin22 Did you get time to check it ?
@Chan9390 the PR is ready to merge :)
PR is merged
The docker image size of MobSF is more than 1.7GB. Can we decrease the size of the image ?
A solution could be using a different (lightweight) base image or install only the recommended software to compile and run MobSF.