karianna
commented
3 weeks ago We wouldn't backport this because... we'd be removing tools?
Open gdams opened 3 weeks ago
karianna
commented
3 weeks ago We wouldn't backport this because... we'd be removing tools?
gdams
commented
3 weeks ago We wouldn't backport this because... we'd be removing tools?
correct, it would be a breaking change so it's best to only change this going forwards
karianna
commented
3 weeks ago We wouldn't backport this because... we'd be removing tools?
correct, it would be a breaking change so it's best to only change this going forwards
We'll need to advertise this strongly then (blogs etc)
tianon
commented
2 weeks ago If the tools shouldn't be in the final images, I'd suggest instead moving the installation to the RUN instruction where they are used and cleaning them up/removing after use (before the RUN line ends).
See https://github.com/docker-library/cassandra/blob/1e3d5732f34ceb9e77870d0be9501515f917cc60/5.0/Dockerfile#L40-L54 for a pretty straightforward/compressed example of what I mean (but I'm happy to provide a more detailed example if helpful, maybe in the form of a diff against the current Dockerfile here; for Alpine-based images this is even more straightforward thanks to their support for --virtual on apk add to group package installs in a way that makes them trivial to remove afterwards).
fixes: https://github.com/adoptium/containers/issues/675
This will mean that for JDK24+ we stop shipping container images with build time dependencies in them (e.g wget, curl, gnupg etc)