search

coreos / rpm-ostree

⚛📦 Hybrid image/package system with atomic upgrades and package layering
https://coreos.github.io/rpm-ostree
Other
862 stars 195 forks source link

Rpm-ostree keeps cache when running inside a Dockerfile #4178

Closed kuba3351 closed 1 year ago

kuba3351 commented 1 year ago

Hello

Rpm-ostree has a nice feature that if I am using an ostree native container feature, I can use rpm-ostree install command inside a Dockerfile to install some additional packages into the image. But this produces a cache in /var/cache directory in a result image. The good practice in the OCI images is to keep them as small as possible, and if you use any Dockerfile linter, it will recommend to use --no-cache flag during installing any packages using any package manager. I didn't found such flag in rpm-ostree. I think rpm-ostree should have a --no-cache flag that triggers delete cache after installing packages or remove cache automatically when it detects usage in a container.

Host system details

Not necessary

Expected vs actual behavior

Actual:

[jakub@localhost docker-test]$ cat Dockerfile
FROM quay.io/fedora-ostree-desktops/kinoite:37
RUN rpm-ostree install thunderbird
[jakub@localhost docker-test]$ sudo docker build --no-cache -t test .
Sending build context to Docker daemon  2.048kB
Step 1/2 : FROM quay.io/fedora-ostree-desktops/kinoite:37
 ---> 41ff8861fbfb
Step 2/2 : RUN rpm-ostree install thunderbird
 ---> Running in 9889db35b8b9
Enabled rpm-md repositories: fedora-modular updates fedora updates-modular fedora-cisco-openh264 updates-archive
Updating metadata for 'fedora-modular'...done
Updating metadata for 'updates'...done
Updating metadata for 'fedora'...done
Updating metadata for 'updates-modular'...done
Updating metadata for 'fedora-cisco-openh264'...done
Updating metadata for 'updates-archive'...done
Importing rpm-md...done
rpm-md repo 'fedora-modular'; generated: 2022-11-10T09:23:24Z solvables: 1454
rpm-md repo 'updates'; generated: 2022-11-29T01:06:40Z solvables: 10365
rpm-md repo 'fedora'; generated: 2022-11-10T09:30:00Z solvables: 66822
rpm-md repo 'updates-modular'; generated: 2022-11-28T00:16:24Z solvables: 1455
rpm-md repo 'fedora-cisco-openh264'; generated: 2022-10-06T11:01:40Z solvables: 4
rpm-md repo 'updates-archive'; generated: 2022-11-29T01:55:21Z solvables: 8719
Resolving dependencies...done
Will download: 2 packages (107.3?MB)
Downloading from 'updates'...done
Installing 2 packages:
  thunderbird-102.5.0-1.fc37.x86_64 (updates)
  thunderbird-librnp-rnp-102.5.0-1.fc37.x86_64 (updates)
Installing: thunderbird-librnp-rnp-102.5.0-1.fc37.x86_64 (updates)
Installing: thunderbird-102.5.0-1.fc37.x86_64 (updates)
Removing intermediate container 9889db35b8b9
 ---> 2d409e38a0e9
Successfully built 2d409e38a0e9
Successfully tagged test:latest
[jakub@localhost docker-test]$ sudo docker run -it test /bin/bash
[sudo] hasło użytkownika jakub: 
bash-5.2# cd /var
bash-5.2# du -sh *
230M    cache
4.0K    tmp
bash-5.2#

Expected:

Empty /var/cache dir in the result image

Steps to reproduce it

Use rpm-ostree install command in the Dockerfile and check that rpm-ostree cache exists in /var/cache in a result image.

Would you like to work on the issue?

No, I don't have necessary experience

cgwalters commented 1 year ago

The --no-cache option in docker build is not related to this. You can (need to) explicitly choose to clean the cache inside the filesystem - this behavior is exactly the same as e.g. apt and dnf and I don't think we should change it because it would break the use case of installing in multiple command invocations.

Instead, you can clean the cache explicitly; see e.g. https://github.com/coreos/layering-examples/blob/5644ba14808e3c439bd22204d07eef76bea6e089/wifi/Containerfile#L4