Cleanup of packages used for building git

Question

Cleanup of packages used for building git

bkraul opened this issue 5 years ago · comments

Thank you so much for your nifty git build script. I am trying to use it in one of my docker builds (for an older version of ubuntu that has the gnutls problem). However, the sideffect is that I end up with a really large image (2.6GB).

Is there anyway the script could be modified to do some cleanup of all build packages that are not necessary after building git? I have tried some cleanup, but I'd figure there could be some more.

Niko Dunixi · Answer 1 · Wed Nov 20 2019 13:06:07 GMT+0800 (China Standard Time)

It's do-able, but I don't feel comfortable removing packages from a user's end-system. I don't know if that's really the best option since I don't know if they installed the package before-hand or not. They might be using any/all of those packages to build other projects already and removing could have the unintended side-effect of blocking someone for part of a day trying to figure out why their freshly check-out code no longer builds.

Depending on your current use-case there may be better alternatives. You could do one of the following:

Uninstall them yourself after your RUN step:
RUN ./compile-git-with-openssl.sh && apt-get remove --purge build-essential autoconf #etc etc etc
Use a PPA repository with the git you want
Use a multi-stage build (which is generally my personal favorite, in terms of docker-patterns, since it keeps your final images lean):

FROM ubuntu:latest AS BUILDER
COPY ./compile-git-with-openssl.sh ./compile-git-with-openssl.sh
RUN ./compile-git-with-openssl.sh

FROM ubuntu:latest
COPY --from=BUILDER /path/to/compiled/git/binary /bin/git

Niko Dunixi · Answer 2 · Wed Nov 27 2019 02:34:01 GMT+0800 (China Standard Time)

@bkraul does this help at all? If you need some help, I can look at whatever repo you are attempting to do this in

bkraul · Answer 3 · Wed Nov 27 2019 06:27:24 GMT+0800 (China Standard Time)

I have never done multi-stage builds, but I think I understand what you mean, so I will try that out with the image I am working with, and reach out if I have any issues. Thanks man.

bkraul · Answer 4 · Wed Nov 27 2019 08:16:57 GMT+0800 (China Standard Time)

OK, so I did the multi-stage build as you suggested. I did it with the webdevops/php-nginx:ubuntu-14.04 image.

Everything seems to work. However, in my resulting image, I end up with the following error when I am trying to do a git pull:

fatal: unable to find remote helper for 'https'

Here is my Dockerfile:

FROM webdevops/php-nginx:ubuntu-14.04 AS BUILDER

ADD ./compile-git-with-openssl.sh /root/compile-git-with-openssl.sh
RUN /root/compile-git-with-openssl.sh --skip-tests --build-dir=/tmp/git-build

FROM  webdevops/php-nginx:ubuntu-14.04
MAINTAINER Belman Kraul <bkraul@belmankraul.com>
COPY --from=BUILDER /usr/bin/git /usr/bin/git
RUN set -x \
    && apt update \
    # install pre-requisites.
    && apt install smbclient samba-common -y \
    # perform image cleanup.
    && docker-run-bootstrap \
    && docker-image-cleanup

bkraul · Answer 5 · Wed Nov 27 2019 23:30:17 GMT+0800 (China Standard Time)

I tried by creating a deb package from the build using checkinstall inside of the builder image, then I copy the deb package to the final image, install it with dpkg, and remove the deb package file. Git finally works properly, but the resulting image is 1GB (from 439MB). Perhaps it is unavoidable.

Niko Dunixi · Answer 6 · Thu Nov 28 2019 01:45:00 GMT+0800 (China Standard Time)

I think the problem here is that the copy statement is pointing to the git binary installed to the image, and not the one you just built. Git's makefile will create the binary file in the project's root directory. So when you specify /tmp/git-build the final binary is /tmp/git-build/git

Try this instead:

RUN apt-get remove git
COPY --from=BUILDER /tmp/git-build/git /usr/bin/git

bkraul · Answer 7 · Thu Nov 28 2019 01:46:58 GMT+0800 (China Standard Time)

But what about the rest of the files? the ones installed to /usr/libexec, and /usr/share?

Niko Dunixi · Answer 8 · Thu Nov 28 2019 02:25:11 GMT+0800 (China Standard Time)

I'm honestly not sure if the final git binary will actually need them or not. I think the final binary should be static, but I'm on a low-bandwidth network at the moment and can't really test your specific situation right now. You can try it and see? Worst case scenario, if you get and error you can figure out which file it needs and add it too

bkraul · Answer 9 · Thu Nov 28 2019 05:23:40 GMT+0800 (China Standard Time)

I googled the error I get and it tells me that it has to do with libcurl4-openssl-dev needing to be there at the time of build, which I know it is, because it is in your script. I am suspecting the resulting binaries are not static tho. Because like I said, I added a checkinstall build at the end, which got me a full deb package, and that one does work in the final image.

Niko Dunixi · Answer 10 · Wed Apr 15 2020 10:02:59 GMT+0800 (China Standard Time)

I'm going to close this for the time being. We can't remove the packages and until there is a better way that actually creates a static binary we have no choice but to keep them in