Open making opened 2 years ago
We have generally made it a point to not delete files that are part of something we redistribute. Your point is totally valid though. Those files are not necessary and just consume space in the image, a small but not exactly insignificant amount, 6.4M.
$ du -h -d 1
9.7M ./lib
4.0K ./work
6.4M ./webapps
4.0K ./logs
236K ./conf
884K ./bin
8.0K ./env.launch
4.0K ./temp
18M .
This should not create any additional exposure though. The way that we set up Tomcat, those files are never loaded.
The Tomcat CNB creates two layers (technically three, but we don't care about helper here):
$ ls -l
total 12
drwxr-xr-x 8 cnb cnb 4096 Jan 1 1980 catalina-base
drwxr-xr-x 3 cnb cnb 4096 Jan 1 1980 helper
drwxr-xr-x 10 cnb cnb 4096 Jan 1 1980 tomcat
The tomcat
layer is where Tomcat is extracted, i.e. $CATALINA_HOME
. This is where the files you've mentioned live. We also create catalina-base
which is where the actual conf
& webapps
directories live. As the name implies, when Tomcat runs it uses this as the $CATALINA_BASE
directory, all config and web apps are loaded only out of that directory. That directory only has one web app, the one that's been built.
$ ls -l catalina-base/webapps/
total 0
lrwxrwxrwx 1 cnb cnb 10 Jan 1 1980 ROOT -> /workspace
I'll leave this issue open as I think this is something that we can address.
What happened?
Currently, the image created by tomcat buildpack contains a lot of unnecessary files like
docs
andexamples
. It would be nice to remove these files to reduce image size (and to avoid potential vulnerabilities?).Checklist