Adjust scanelf to properly remove "ruby-libs" in the "2.4-alpine3.6" image #161

Merged
merged 1 commit into from
Sep 22, 2017
7 changes: 3 additions & 4 deletions 2.2/alpine3.4/Dockerfile
Expand Up @@ -75,11 +75,10 @@ RUN set -ex \
&& make install \
\
&& runDeps="$( \
scanelf --needed --nobanner --recursive /usr/local \
| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
| sort -u \
| xargs -r apk info --installed \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)" \
&& apk add --virtual .ruby-rundeps $runDeps \
bzip2 \
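Review bot: in the added awk line, `$1` is concatenated into the string handed to system() without any quoting, so a NEEDED entry containing whitespace or a shell metacharacter would be interpreted by the shell instead of being tested as a path. Single-quote the interpolated name inside the command string, or replace the awk system() call with a `while read -r lib` loop that tests `[ -e "/usr/local/lib/$lib" ]`, so the name is never parsed as shell syntax.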
7 changes: 3 additions & 4 deletions 2.3/alpine3.4/Dockerfile
Expand Up @@ -75,11 +75,10 @@ RUN set -ex \
&& make install \
\
&& runDeps="$( \
scanelf --needed --nobanner --recursive /usr/local \
| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
| sort -u \
| xargs -r apk info --installed \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)" \
&& apk add --virtual .ruby-rundeps $runDeps \
bzip2 \
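Review bot: the existence test in the awk line looks only at direct children of /usr/local/lib, while scanelf is run with --recursive over all of /usr/local, so a library that the build installs into a subdirectory would still be emitted as a so: dependency. If the narrower check is deliberate, say so in a comment next to the pipeline; otherwise the filter needs to cover the same tree that is scanned.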
7 changes: 3 additions & 4 deletions 2.4/alpine3.4/Dockerfile
Expand Up @@ -75,11 +75,10 @@ RUN set -ex \
&& make install \
\
&& runDeps="$( \
scanelf --needed --nobanner --recursive /usr/local \
| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
| sort -u \
| xargs -r apk info --installed \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)" \
&& apk add --virtual .ruby-rundeps $runDeps \
bzip2 \
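Review bot: missing check on the result of the `runDeps="$( ... )"` substitution: its exit status is that of awk, the last command in the pipeline, so a scanelf failure is not caught by `set -ex` and leaves runDeps empty. `apk add --virtual .ruby-rundeps $runDeps` would then carry on with only the explicitly listed packages. A `[ -n "$runDeps" ]` guard before the apk add line would turn that into a build failure.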
7 changes: 3 additions & 4 deletions 2.4/alpine3.6/Dockerfile
Expand Up @@ -75,11 +75,10 @@ RUN set -ex \
&& make install \
\
&& runDeps="$( \
scanelf --needed --nobanner --recursive /usr/local \
| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
| sort -u \
| xargs -r apk info --installed \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)" \
&& apk add --virtual .ruby-rundeps $runDeps \
bzip2 \
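Review bot: missing documentation for the new pipeline: the `--format '%n#p'` string and the awk idiom `system(...) == 0 { next }` are terse, and nothing in the file records that sonames found in /usr/local/lib are skipped on purpose. A one-line comment above the scanelf call stating the intent would save the next reader from reverse-engineering it.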
7 changes: 3 additions & 4 deletions Dockerfile-alpine.template
Expand Up @@ -75,11 +75,10 @@ RUN set -ex \
&& make install \
\
&& runDeps="$( \
scanelf --needed --nobanner --recursive /usr/local \
| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
| sort -u \
| xargs -r apk info --installed \
scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
| tr ',' '\n' \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \


May I know what's the purpose of the spaces surrounding $1?

system("[ -e /usr/local/lib/" $1 " ]")

Anyway, shouldn't we do

system("[ -e /usr/local/lib/**/" $1 " ]")

to match libraries in subdirectories too?

Member Author


> May I know what's the purpose of the spaces surrounding $1?

Just syntax -- makes it more readable. awk will concatenate the strings directly anyhow.

> to match libraries in subdirectories too?

No, because [ -e /usr/local/lib/**/libxyz.so ] doesn't work properly in a shell (it could partially work if we enabled globstar in the subshell that awk spawns, but that's a bit heavy, and will still break completely if there's more than one result). If we needed that sort of check, we'd have to make that string a lot more complex.

In the case of Ruby, we know it's only installing .so files directly in /usr/local/lib, so those are all we need to filter out (so that we don't accidentally keep packages that provide .so files with the same basename, since apk's .so dependencies work based on the file basenames).


I'm asking because it's relevant for docker-library/official-images#4404, specifically for Varnish 4.1 😄

I did not enable the globstar option but it seems to work? (For both /usr/local/lib/*.so in the case of Varnish 6.0 and /usr/local/lib/varnish/*.so in the case of Varnish 4.1)

Member Author


Huh, that's strange -- I would imagine that without globstar enabled it's acting just like a single glob, but then it wouldn't match /usr/local/lib/xxx.so, so that's interesting. I wonder what adding set -x; [ ... ala system("set -x; [ -e /usr/local/lib/" $1 " ]") would show (since that should show the exact path that's getting matched).


Hmm... Can't say I understand what's going on:

+ scanelf --needed --nobanner+  --format '%n#p' --recursivetr /usr/local ,
 '\n'
+ sort -u
+ awk 'system("set -x; [ -e /usr/local/lib/**/" $1 " ]") == 0 { next } { print "so:" $1 }'
+ '[' -e '/usr/local/lib/**/libc.musl-x86_64.so.1' ]
+ '[' -e '/usr/local/lib/**/libedit.so.0' ]
+ '[' -e '/usr/local/lib/**/libexecinfo.so.1' ]
+ '[' -e '/usr/local/lib/**/libncursesw.so.6' ]
+ '[' -e '/usr/local/lib/**/libpcre.so.1' ]
+ '[' -e /usr/local/lib/varnish/libvarnish.so ]
+ '[' -e '/usr/local/lib/**/libvarnishapi.so.1' ]
+ '[' -e /usr/local/lib/varnish/libvcc.so ]
+ '[' -e /usr/local/lib/varnish/libvgz.so ]
+ runDeps='so:libc.musl-x86_64.so.1
so:libedit.so.0
so:libexecinfo.so.1
so:libncursesw.so.6
so:libpcre.so.1
so:libvarnishapi.so.1'
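
An added example, not part of the PR or of any comment above: it reproduces the pattern visible in the trace (names under `varnish/` expand, the others stay as the literal `**` string) on a constructed directory tree, and shows the multiple-match failure mentioned earlier in the thread. The temporary tree, the library names and the `glob_check`, `find_check` and `report` helpers are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed tree standing in for /usr/local/lib; all names are made up.
demo_root="$(mktemp -d)"
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/lib/varnish" "$demo_root/lib/other"
touch "$demo_root/lib/libtop.so" \
	"$demo_root/lib/varnish/libvcc.so" \
	"$demo_root/lib/varnish/libdup.so" \
	"$demo_root/lib/other/libdup.so"

# The test from the thread, run the way awk's system() runs it: as a string
# handed to sh. Without globstar, `**` is an ordinary `*`, so the pattern
# means "exactly one directory below lib".
# Exit status: 0 found, 1 not found, 2 or more when `[` gets too many arguments.
glob_check() {
	sh -c "[ -e $demo_root/lib/**/$1 ]" 2>/dev/null
}

# Alternative (an assumption, not from the PR): let find search every depth;
# grep -q . succeeds as soon as there is any output, however many hits exist.
find_check() {
	find "$demo_root/lib" -name "$1" | grep -q .
}

# Print both results for one library name.
report() {
	rc=0; glob_check "$1" || rc=$?
	found=no; if find_check "$1"; then found=yes; fi
	printf '%-14s glob_check=%s find_check=%s\n' "$1" "$rc" "$found"
}

report libvcc.so     # one level down, one hit: the glob expands and -e succeeds
report libtop.so     # directly in lib: the glob stays literal and -e fails
report libdup.so     # two hits: `[ -e a b ]` is a usage error, not "found"
report libmissing.so # absent everywhere
```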

)" \
&& apk add --virtual .ruby-rundeps $runDeps \
bzip2 \
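Review bot: in the awk line, an empty input line (for example from a trailing comma split by `tr ',' '\n'`) makes the test `[ -e /usr/local/lib/ ]`, which succeeds on the directory itself, so the line is dropped only by accident. An explicit `NF == 0 { next }` rule ahead of the system() pattern would make that deliberate and keep a bare `so:` from ever reaching apk add if the directory check changes.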