From 9e57cc1bfd8798ee5fd4a5269fbc45daa47c7914 Mon Sep 17 00:00:00 2001
From: Martin Pitt <martin@piware.de>
Date: Thu, 18 Feb 2021 16:07:21 +0100
Subject: [PATCH] images: Minimize container

Use a multi-stage build [1], pick some "small container targetted" basic
packages, and remove some larger packages that we really don't need in
the container. This shrinks the container from 313 to 137 MB.

[1] https://docs.docker.com/develop/develop-images/multistage-build/
---
 images/Dockerfile | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/images/Dockerfile b/images/Dockerfile
index 6b5c7d1c..f0bf2b30 100644
--- a/images/Dockerfile
+++ b/images/Dockerfile
@@ -1,11 +1,23 @@
-FROM fedora:latest
+FROM fedora:latest AS builder
 LABEL maintainer='cockpit-devel@lists.fedorahosted.org'
 
-RUN dnf -y update && \
-    dnf -y install nginx openssh-server /usr/bin/python && \
-    dnf clean all && \
-    mkdir -p /home/user
-
+# avoid unnecessary stuff in the container; systemd is a protected package, so apply some extra force
+RUN source /etc/os-release && \
+    dnf install -y --releasever=$VERSION_ID --setopt=install_weak_deps=False --installroot=/build \
+        coreutils-single \
+        glibc-minimal-langpack \
+        nginx \
+        openssh-server \
+        tar \
+        /usr/bin/python3 && \
+    rpm --root=/build --verbose --erase --nodeps systemd && \
+    dnf remove -y --installroot=/build systemd-networkd device-mapper dbus-broker cryptsetup && \
+    rm -r /build/var/cache/dnf /build/var/lib/dnf /build/var/lib/rpm*
+
+FROM scratch
+COPY --from=builder /build /
+
+RUN mkdir -p /home/user
 # can't use ../sink/sink with docker build
 ADD https://raw.githubusercontent.com/cockpit-project/cockpituous/master/sink/sink /home/user/sink