diff --git a/Dockerfile b/Dockerfile
index b72930218e..fce90b8a13 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,7 +36,7 @@ FROM base AS criu
 # Install CRIU for checkpoint/restore support
 ENV CRIU_VERSION 3.11
 # Install dependency packages specific to criu
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
 libnet-dev \
 libprotobuf-c0-dev \
 libprotobuf-dev \
@@ -45,7 +45,8 @@ RUN apt-get update && apt-get install -y \
 protobuf-compiler \
 protobuf-c-compiler \
 python-protobuf \
- && mkdir -p /usr/src/criu \
+ && rm -rf /var/lib/apt/lists/*
+RUN mkdir -p /usr/src/criu \
 && curl -sSL https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \
 && cd /usr/src/criu \
 && make \
@@ -84,7 +85,10 @@ RUN set -x \
 && rm -rf "$GOPATH"
 FROM base AS frozen-images
-RUN apt-get update && apt-get install -y jq ca-certificates --no-install-recommends
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ ca-certificates \
+ jq \
+ && rm -rf /var/lib/apt/lists/*
 # Get useful and necessary Hub images so we can "docker load" locally instead of pulling
 COPY contrib/download-frozen-image-v2.sh /
 RUN /download-frozen-image-v2.sh /build \
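Review bot: The new `RUN mkdir -p /usr/src/criu` step in the `@@ -45,7 +45,8 @@` hunk still pipes `curl -sSL` straight into `tar` with no integrity check, so whatever the URL serves is unpacked and then built by `make`. Since the commit already splits this instruction, it is a natural place to download to a file, verify it against a pinned digest and only then extract: `&& curl -fsSL -o /tmp/criu.tar.gz https://github.com/checkpoint-restore/criu/archive/v${CRIU_VERSION}.tar.gz \`, `&& echo "${CRIU_SHA256}  /tmp/criu.tar.gz" | sha256sum -c - \`, `&& tar -C /usr/src/criu/ -xzf /tmp/criu.tar.gz --strip-components=1 \`. Here `CRIU_SHA256` is a placeholder for a digest the project would need to record next to `CRIU_VERSION`. Adding `-f` also makes an HTTP error fail the step instead of handing an error page to `tar`. The RUN continues past the end of the hunk, so the rest of the build chain is not visible here.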
@@ -102,28 +106,27 @@ RUN dpkg --add-architecture armhf
 RUN dpkg --add-architecture arm64
 RUN dpkg --add-architecture armel
 RUN if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \
- apt-get update \
- && apt-get install -y --no-install-recommends \
+ apt-get update && apt-get install -y --no-install-recommends \
 crossbuild-essential-armhf \
 crossbuild-essential-arm64 \
- crossbuild-essential-armel; \
+ crossbuild-essential-armel \
+ && rm -rf /var/lib/apt/lists/*; \
 fi
 FROM cross-${CROSS} as dev-base
 FROM dev-base AS runtime-dev-cross-false
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
 libapparmor-dev \
- libseccomp-dev
-
+ libseccomp-dev \
+ && rm -rf /var/lib/apt/lists/*
 FROM cross-true AS runtime-dev-cross-true
 # These crossbuild packages rely on gcc-, but this doesn't want to install
 # on non-amd64 systems.
 # Additionally, the crossbuild-amd64 is currently only on debian:buster, so
 # other architectures cannnot crossbuild amd64.
 RUN if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \
- apt-get update \
- && apt-get install -y \
+ apt-get update && apt-get install -y --no-install-recommends \
 libseccomp-dev:armhf \
 libseccomp-dev:arm64 \
 libseccomp-dev:armel \
@@ -133,7 +136,8 @@ RUN if [ "$(go env GOHOSTARCH)" = "amd64" ]; then \
 # install this arches seccomp here due to compat issues with the v0 builder
 # This is as opposed to inheriting from runtime-dev-cross-false
 libapparmor-dev \
- libseccomp-dev; \
+ libseccomp-dev \
+ && rm -rf /var/lib/apt/lists/*; \
 fi
 FROM runtime-dev-cross-${CROSS} AS runtime-dev
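Review bot: In the `runtime-dev-cross-false` stage of the `@@ -102,28 +106,27 @@` hunk, the empty line after the old `libseccomp-dev` entry is removed together with it, so the new `&& rm -rf /var/lib/apt/lists/*` appears to run directly into `FROM cross-true AS runtime-dev-cross-true`. The other stages on this page look as if they are separated by a blank line, although the page layout makes that hard to confirm. Keeping one empty line after the `rm -rf` line would preserve that separation and make the stage boundary easier to spot when reading the file.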
@@ -151,7 +155,9 @@ COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME
 FROM dev-base AS containerd
-RUN apt-get update && apt-get install -y btrfs-tools
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ btrfs-tools \
+ && rm -rf /var/lib/apt/lists/*
 ENV INSTALL_BINARY_NAME=containerd
 COPY hack/dockerfile/install/install.sh ./install.sh
 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
@@ -188,7 +194,10 @@ COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
 RUN PREFIX=/build ./install.sh $INSTALL_BINARY_NAME
 FROM dev-base AS tini
-RUN apt-get update && apt-get install -y cmake vim-common
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ cmake \
+ vim-common \
+ && rm -rf /var/lib/apt/lists/*
 COPY hack/dockerfile/install/install.sh ./install.sh
 ENV INSTALL_BINARY_NAME=tini
 COPY hack/dockerfile/install/$INSTALL_BINARY_NAME.installer ./
@@ -213,7 +222,7 @@ RUN ln -s /usr/local/completion/bash/docker /etc/bash_completion.d/docker
 RUN ldconfig
 # This should only install packages that are specifically needed for the dev environment and nothing else
 # Do you really need to add another package here? Can it be done in a different build stage?
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
 apparmor \
 aufs-tools \
 bash-completion \
@@ -240,7 +249,7 @@ RUN apt-get update && apt-get install -y \
 libprotobuf-c1 \
 libnet1 \
 libnl-3-200 \
- --no-install-recommends
+ && rm -rf /var/lib/apt/lists/*
 RUN pip3 install yamllint==1.16.0
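Review bot: In the `tini` stage (`@@ -188,7 +194,10 @@`), adding `--no-install-recommends` to the `cmake` install stops apt from pulling in cmake's recommended packages, which on Debian normally include the compiler and `make`. The tini installer script is outside this diff, so it is worth confirming that `dev-base` already provides the toolchain it needs. If it does not, add them to the sorted package list explicitly (for example `gcc \` and `make \`) rather than relying on recommends. A one-line comment above the RUN naming the stage that supplies the compiler would keep this from regressing silently.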