From 8c0b578f466e05cf91e7984653f7e92823f25019 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 4 Mar 2025 13:58:17 +0100 Subject: [PATCH 1/5] chore(image): remove packages with dependecies Signed-off-by: Tomasz Janiszewski --- image/rhel/Dockerfile | 2 +- scanner/image/scanner/Dockerfile | 2 +- scanner/image/scanner/konflux.Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/image/rhel/Dockerfile b/image/rhel/Dockerfile index ee6dd3e81fe95..bb4658231c443 100644 --- a/image/rhel/Dockerfile +++ b/image/rhel/Dockerfile @@ -59,7 +59,7 @@ RUN rpm --import RPM-GPG-KEY-CentOS-Official && \ microdnf clean all -y && \ rm /tmp/postgres.rpm /tmp/postgres-libs.rpm RPM-GPG-KEY-CentOS-Official && \ # (Optional) Remove line below to keep package management utilities - rpm -e --nodeps $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*') && \ + rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' libmodulemd) && \ rm -rf /var/cache/dnf /var/cache/yum && \ # The contents of paths mounted as emptyDir volumes in Kubernetes are saved # by the script `save-dir-contents` during the image build. The directory diff --git a/scanner/image/scanner/Dockerfile b/scanner/image/scanner/Dockerfile index 380d6054fadf2..ccbf5bc6d1bd8 100644 --- a/scanner/image/scanner/Dockerfile +++ b/scanner/image/scanner/Dockerfile @@ -38,7 +38,7 @@ COPY --from=mappings /mappings/repository-to-cpe.json /mappings/container-name-r RUN microdnf upgrade --nobest && \ microdnf clean all && \ # (Optional) Remove line below to keep package management utilities - rpm -e --nodeps $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*') && \ + rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' libmodulemd) && \ rm -rf /var/cache/dnf /var/cache/yum && \ chown -R 65534:65534 /tmp && \ # The contents of paths mounted as emptyDir volumes in Kubernetes are saved diff --git a/scanner/image/scanner/konflux.Dockerfile b/scanner/image/scanner/konflux.Dockerfile index 075c6b51ffa52..7e2d4e215822b 100644 --- a/scanner/image/scanner/konflux.Dockerfile +++ b/scanner/image/scanner/konflux.Dockerfile @@ -66,7 +66,7 @@ COPY .konflux/scanner-data/repository-to-cpe.json .konflux/scanner-data/containe RUN microdnf upgrade --nobest && \ microdnf clean all && \ # (Optional) Remove line below to keep package management utilities - rpm -e --nodeps $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*') && \ + rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' libmodulemd) && \ rm -rf /var/cache/dnf /var/cache/yum && \ chown -R 65534:65534 /tmp && \ # The contents of paths mounted as emptyDir volumes in Kubernetes are saved From 8e10677896732b996b2953432e60e20b47c70fe2 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 4 Mar 2025 14:09:30 +0100 Subject: [PATCH 2/5] chore(image): remove libxml2 from release Signed-off-by: Tomasz Janiszewski --- image/rhel/Dockerfile | 2 +- scanner/image/scanner/Dockerfile | 2 +- scanner/image/scanner/konflux.Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/image/rhel/Dockerfile b/image/rhel/Dockerfile index bb4658231c443..4a78148223004 100644 --- a/image/rhel/Dockerfile +++ b/image/rhel/Dockerfile @@ -59,7 +59,7 @@ RUN rpm --import RPM-GPG-KEY-CentOS-Official && \ microdnf clean all -y && \ rm /tmp/postgres.rpm /tmp/postgres-libs.rpm RPM-GPG-KEY-CentOS-Official && \ # (Optional) Remove line below to keep package management utilities - rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' libmodulemd) && \ + rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' libmodulemd libxml2 libarchive librepo) && \ rm -rf /var/cache/dnf /var/cache/yum && \ # The contents of paths mounted as emptyDir volumes in Kubernetes are saved # by the script `save-dir-contents` during the image build. The directory diff --git a/scanner/image/scanner/Dockerfile b/scanner/image/scanner/Dockerfile index ccbf5bc6d1bd8..1f4520ad31ada 100644 --- a/scanner/image/scanner/Dockerfile +++ b/scanner/image/scanner/Dockerfile @@ -38,7 +38,7 @@ COPY --from=mappings /mappings/repository-to-cpe.json /mappings/container-name-r RUN microdnf upgrade --nobest && \ microdnf clean all && \ # (Optional) Remove line below to keep package management utilities - rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' libmodulemd) && \ + rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' libmodulemd libxml2 libarchive librepo) && \ rm -rf /var/cache/dnf /var/cache/yum && \ chown -R 65534:65534 /tmp && \ # The contents of paths mounted as emptyDir volumes in Kubernetes are saved diff --git a/scanner/image/scanner/konflux.Dockerfile b/scanner/image/scanner/konflux.Dockerfile index 7e2d4e215822b..99d0f6f245320 100644 --- a/scanner/image/scanner/konflux.Dockerfile +++ b/scanner/image/scanner/konflux.Dockerfile @@ -66,7 +66,7 @@ COPY .konflux/scanner-data/repository-to-cpe.json .konflux/scanner-data/containe RUN microdnf upgrade --nobest && \ microdnf clean all && \ # (Optional) Remove line below to keep package management utilities - rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' libmodulemd) && \ + rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' libmodulemd libxml2 libarchive librepo) && \ rm -rf /var/cache/dnf /var/cache/yum && \ chown -R 65534:65534 /tmp && \ # The contents of paths mounted as emptyDir volumes in Kubernetes are saved From 1a909634c16b582b7bfbf57ead1c45c910d2a6a9 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 4 Mar 2025 14:40:03 +0100 Subject: [PATCH 3/5] chore(deps): remove unix utils from release image --- image/rhel/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/image/rhel/Dockerfile b/image/rhel/Dockerfile index 4a78148223004..4159bcd5ea3cd 100644 --- a/image/rhel/Dockerfile +++ b/image/rhel/Dockerfile @@ -55,7 +55,7 @@ RUN rpm --import RPM-GPG-KEY-CentOS-Official && \ microdnf -y upgrade --nobest && \ rpm -i --nodeps /tmp/postgres-libs.rpm && \ rpm -i --nodeps /tmp/postgres.rpm && \ - microdnf install --setopt=install_weak_deps=0 --nodocs -y lz4 bzip2 util-linux && \ + microdnf install --setopt=install_weak_deps=0 --nodocs -y lz4 bzip2 && \ microdnf clean all -y && \ rm /tmp/postgres.rpm /tmp/postgres-libs.rpm RPM-GPG-KEY-CentOS-Official && \ # (Optional) Remove line below to keep package management utilities From 8f7afb70c60c10c062331a34d75c7e792269283d Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Tue, 4 Mar 2025 15:13:02 +0100 Subject: [PATCH 4/5] chore(deps): remove lz4 and bzip2 --- image/rhel/Dockerfile | 1 - 1 file changed, 1 deletion(-) diff --git a/image/rhel/Dockerfile b/image/rhel/Dockerfile index 4159bcd5ea3cd..188b588f0d7c1 100644 --- a/image/rhel/Dockerfile +++ b/image/rhel/Dockerfile @@ -55,7 +55,6 @@ RUN rpm --import RPM-GPG-KEY-CentOS-Official && \ microdnf -y upgrade --nobest && \ rpm -i --nodeps /tmp/postgres-libs.rpm && \ rpm -i --nodeps /tmp/postgres.rpm && \ - microdnf install --setopt=install_weak_deps=0 --nodocs -y lz4 bzip2 && \ microdnf clean all -y && \ rm /tmp/postgres.rpm /tmp/postgres-libs.rpm RPM-GPG-KEY-CentOS-Official && \ # (Optional) Remove line below to keep package management utilities From 102e2c25b012acefd8c6c9edb56de78d3bd69ab8 Mon Sep 17 00:00:00 2001 From: Tomasz Janiszewski Date: Fri, 28 Feb 2025 13:46:40 +0100 Subject: [PATCH 5/5] fix: remove pacakges with deps Signed-off-by: Tomasz Janiszewski Apply suggestions from code review --- image/rhel/Dockerfile | 4 +++- scanner/image/scanner/Dockerfile | 4 +++- scanner/image/scanner/konflux.Dockerfile | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/image/rhel/Dockerfile b/image/rhel/Dockerfile index 188b588f0d7c1..0f29433fdf36b 100644 --- a/image/rhel/Dockerfile +++ b/image/rhel/Dockerfile @@ -58,7 +58,9 @@ RUN rpm --import RPM-GPG-KEY-CentOS-Official && \ microdnf clean all -y && \ rm /tmp/postgres.rpm /tmp/postgres-libs.rpm RPM-GPG-KEY-CentOS-Official && \ # (Optional) Remove line below to keep package management utilities - rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' libmodulemd libxml2 libarchive librepo) && \ + rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' \ + 'elfutils-libelf' 'gnupg2' 'gpgme' 'libarchive' 'libcurl' 'libmodulemd' 'librepo' \ + 'libudev' 'libusb' 'libusbx' 'libxml2' 'libzstd' 'libyaml' 'lz4-libs' 'systemd-libs' ) && \ rm -rf /var/cache/dnf /var/cache/yum && \ # The contents of paths mounted as emptyDir volumes in Kubernetes are saved # by the script `save-dir-contents` during the image build. The directory diff --git a/scanner/image/scanner/Dockerfile b/scanner/image/scanner/Dockerfile index 1f4520ad31ada..67281249852be 100644 --- a/scanner/image/scanner/Dockerfile +++ b/scanner/image/scanner/Dockerfile @@ -38,7 +38,9 @@ COPY --from=mappings /mappings/repository-to-cpe.json /mappings/container-name-r RUN microdnf upgrade --nobest && \ microdnf clean all && \ # (Optional) Remove line below to keep package management utilities - rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' libmodulemd libxml2 libarchive librepo) && \ + rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' \ + 'elfutils-libelf' 'gnupg2' 'gpgme' 'libarchive' 'libcurl' 'libmodulemd' 'librepo' \ + 'libudev' 'libusb' 'libusbx' 'libxml2' 'libzstd' 'libyaml' 'lz4-libs' 'systemd-libs' ) && \ rm -rf /var/cache/dnf /var/cache/yum && \ chown -R 65534:65534 /tmp && \ # The contents of paths mounted as emptyDir volumes in Kubernetes are saved diff --git a/scanner/image/scanner/konflux.Dockerfile b/scanner/image/scanner/konflux.Dockerfile index 99d0f6f245320..d9365be4d9bdb 100644 --- a/scanner/image/scanner/konflux.Dockerfile +++ b/scanner/image/scanner/konflux.Dockerfile @@ -66,7 +66,9 @@ COPY .konflux/scanner-data/repository-to-cpe.json .konflux/scanner-data/containe RUN microdnf upgrade --nobest && \ microdnf clean all && \ # (Optional) Remove line below to keep package management utilities - rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' libmodulemd libxml2 libarchive librepo) && \ + rpm -v -e $(rpm -qa curl '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' \ + 'elfutils-libelf' 'gnupg2' 'gpgme' 'libarchive' 'libcurl' 'libmodulemd' 'librepo' \ + 'libudev' 'libusb' 'libusbx' 'libxml2' 'libzstd' 'libyaml' 'lz4-libs' 'systemd-libs' ) && \ rm -rf /var/cache/dnf /var/cache/yum && \ chown -R 65534:65534 /tmp && \ # The contents of paths mounted as emptyDir volumes in Kubernetes are saved