There are various problems with the new Dockerfile image.
Script docker-start.sh use sudo while the sudo package is not installed
Script docker-start.sh use sudo under the name /bin/sudo while when installed, the sudo package provide sudo under the name /usr/bin/sudo
The Dockerfile clean some files inside the image. But the layered structure of Docker images make it useless : the files are still present inside the image, they are just not accessible.
Description of problem with layers
Inside the Dockerfile, we can find
RUN apt-get -y update
RUN apt-get -y install aria2 gnupg software-properties-common \
python3 git curl bash openssl
and latter
## Lets slim the image down!
# systemd uses 26.6 MB of space!
RUN apt-get -y remove --purge --auto-remove systemd
# remove our cache from apt-get
RUN rm -rf /var/cache/apt/archives/
# apt-get update cache (17 MB)
RUN rm -rf /var/lib/apt/lists/
# man page ~6 MB
RUN rm -rf /usr/share/man/
# unused locale data ~31 MB
RUN rm -rf /usr/share/locale/
# unused mandocs ~11 MB
RUN rm -rf /usr/share/doc/
Each time a new RUN instruction is present, a new layer is created in the image with all the file created or modified in this layer. If a subsequent layer remove files, the files won't be removed from the image, they will just be flagged as being "not accessible".
This is why a lot a Dockerfiles that try to minimize the size of an image use as few RUN instruction as possible, either by putting all instruction on the same line like:
There are various problems with the new Dockerfile image.
docker-start.sh
usesudo
while the sudo package is not installeddocker-start.sh
usesudo
under the name/bin/sudo
while when installed, the sudo package provide sudo under the name/usr/bin/sudo
Dockerfile
clean some files inside the image. But the layered structure of Docker images make it useless : the files are still present inside the image, they are just not accessible.Description of problem with layers
Inside the
Dockerfile
, we can findand latter
Each time a new RUN instruction is present, a new layer is created in the image with all the file created or modified in this layer. If a subsequent layer remove files, the files won't be removed from the image, they will just be flagged as being "not accessible".
This is why a lot a
Dockerfile
s that try to minimize the size of an image use as few RUN instruction as possible, either by putting all instruction on the same line like:or by using a script