bqcuong commented on PR #15: URL: https://github.com/apache/solr-docker/pull/15#issuecomment-1503996624
Hi @epugh, and @janhoy, I updated the differences between the builds before and after the improvements as below: - Before improvements: 23 newly installed, image size 516MB - After improvements: 15 newly installed, image size 512MB (save 0.7%) In this case, the reduced size is not much significant like the example in the article @epugh mentioned. However, removing unnecessary packages is highly recommended for the security of your Docker containers. Quoted from [CIS Docker Benchmark v1.5.0](https://www.cisecurity.org/benchmark/docker): >**4.3 Ensure that unnecessary packages are not installed in the container** >**Description:** >Containers should have as small a footprint as possible, and should not contain unnecessary software packages which could increase their attack surface. >**Rationale:** >Unnecessary software should not be installed into containers, as doing so increases their attack surface. Only packages strictly necessary for the correct operation of the application being deployed should be installed. I hope that you still find this improvement helpful. For the list of not installed packages, please check the below logs. ``` // before + apt-get -y install acl dirmngr gpg lsof procps wget netcat gosu tini Reading package lists... Building dependency tree... Reading state information... procps is already the newest version (2:3.3.16-1ubuntu2.3). wget is already the newest version (1.20.3-1ubuntu2). The following additional packages will be installed: gnupg gnupg-l10n gnupg-utils gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm libassuan0 libbsd0 libksba8 libnpth0 libreadline8 netcat-openbsd pinentry-curses readline-common Suggested packages: dbus-user-session libpam-systemd pinentry-gnome3 tor parcimonie xloadimage scdaemon perl pinentry-doc readline-doc The following NEW packages will be installed: acl dirmngr gnupg gnupg-l10n gnupg-utils gosu gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm libassuan0 libbsd0 libksba8 libnpth0 libreadline8 lsof netcat netcat-openbsd pinentry-curses readline-common tini 0 upgraded, 23 newly installed, 0 to remove and 9 not upgraded. // after + apt-get -y --no-install-recommends install acl dirmngr gpg lsof procps wget netcat gosu tini Reading package lists... Building dependency tree... Reading state information... procps is already the newest version (2:3.3.16-1ubuntu2.3). wget is already the newest version (1.20.3-1ubuntu2). The following additional packages will be installed: gpgconf libassuan0 libbsd0 libksba8 libnpth0 libreadline8 netcat-openbsd readline-common Suggested packages: dbus-user-session libpam-systemd pinentry-gnome3 tor perl readline-doc Recommended packages: gnupg The following NEW packages will be installed: acl dirmngr gosu gpg gpgconf libassuan0 libbsd0 libksba8 libnpth0 libreadline8 lsof netcat netcat-openbsd readline-common tini 0 upgraded, 15 newly installed, 0 to remove and 9 not upgraded. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
