search

docker-library / haproxy

Docker Official Image packaging for HAProxy
http://www.haproxy.org/
GNU General Public License v2.0
347 stars 158 forks source link

Fix `dpkg-query --search` to be more specific #226

Closed L3n41c closed 3 months ago

L3n41c commented 3 months ago

See https://github.com/docker-library/python/pull/858

The issue comes from the logic that aims at removing the packages that were needed to build haproxy but which are not needed at runtime anymore.

        find /usr/local -type f -executable -exec ldd '{}' ';' \
                | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \
                | sort -u \
                | xargs -r dpkg-query --search \
                | cut -d: -f1 \
                | sort -u \
                | xargs -r apt-mark manual \

The ldd looks for the libraries that haproxy depends on, among which, libc.so.6. The awk command reformats the output of ldd and produces, among other libraries:

lib/x86_64-linux-gnu/libc.so.6

Those files are then passed to dpkg-query to find their owning package. And this is where the issue is coming from:

root@f6106d13cb42:/# dpkg-query --search lib/x86_64-linux-gnu/libc.so.6

libc6-dev:amd64: /usr/share/gdb/auto-load/lib/x86_64-linux-gnu/libc.so.6-gdb.py
libc6:amd64: /lib/x86_64-linux-gnu/libc.so.6

The issue is that the library we are interested in happens to also be a substring of a GDB pretty-printing script that is obviously not needed at runtime by haproxy.

L3n41c commented 3 months ago

This also has, as a nice side effect, to reduce the size of the image. haproxy:2.4 shank from 120MB to 100MB with this fix.