Removed python build-essential git and pkg-config from slim

[retrohacker]

Example changes recommended from #9

[pesho]

Thanks @wblankenship, lgtm 👍

Btw even curl and ca-certificates could probably be removed, if we don't care about npm by default.

[pesho]

Alternatively, if we want to drop support for binary modules, but still support npm, then maybe git should be left in.

[retrohacker]

curl -SLO "https://iojs.org/dist/v$IOJS_VERSION/iojs-v$IOJS_VERSION-linux-x64.tar.gz" would prevent us from removing curl, wget isn't included in debian:jessie by default unless there is another that I don't know of. Curl depends on ca-certificates so they will both get pulled in. We could do a quick check to see which is lighter on the dependencies: wget or curl? We could possibly install curl at the beginning of that chain of commands and then remove it at the end?

I think it is safe to leave git out for the same reason that native modules aren't initially supported by slim, git url's in a package.json are an edge case. A majority of modules don't require it and npm install will run without it as long as a git url isn't in the dependency tree.

[pesho]

Agree with all your points, after some thinking reached the same conclusion myself.

[retrohacker]

What would everyone's thoughts of doing the following be:

RUN apt-get update \
  && apt-get install -y \
          curl \
  && curl -SLO "https://iojs.org/dist/v$IOJS_VERSION/iojs-v$IOJS_VERSION-linux-x64.tar.gz" \
  && curl -SLO "https://iojs.org/dist/v$IOJS_VERSION/SHASUMS256.txt.asc" \
  && gpg --verify SHASUMS256.txt.asc \
  && grep " iojs-v$IOJS_VERSION-linux-x64.tar.gz\$" SHASUMS256.txt.asc | sha256sum -c - \
  && tar -xzf "iojs-v$IOJS_VERSION-linux-x64.tar.gz" -C /usr/local --strip-components=1 \
  && rm "iojs-v$IOJS_VERSION-linux-x64.tar.gz" SHASUMS256.txt.asc \
  && apt-get remove -y \
          curl \
  && apt-get autoremove -y \
  && rm -rf /var/lib/apt/lists/*

Then we could remove curl and ca-certificates

[yosifkit]

I think the autoremove might get you into trouble (maybe @tianon remembers why). We are trying to move to the following pattern:

RUN  apt-get update \
    && apt-get install -y --no-install-recommends bison ruby \
    # install stuff
    && apt-get purge -y --auto-remove bison ruby \
...

Memcached has a nice one: https://github.com/docker-library/memcached/blob/master/Dockerfile#L11. I have seen that sometimes when installed with recommends, apt likes to leave things behind after remove/purge.

[pesho]

It's bit extreme, but should save about 14 MB (with @yosifkit's pattern), so 👍

[tianon]

I think it was just build-essential -- when you install that one and try to
purge it later, there are a number of packages that won't go away.

As for manually calling autoremove separately, I usually prefer to do
"apt-get purge -y --auto-remove " so that I can do it in one step
together.

[retrohacker]

Interesting:

RUN apt-get update \
 && apt-get install -y --no-install-recommends \
      ca-certificates \
      curl \
...
 && apt-get purge -y --auto-remove \
      ca-certificates \
      curl \
 && rm -rf /var/lib/apt/lists/*

yields

The following extra packages will be installed:
  libcurl3 libffi6 libgcrypt20 libgmp10 libgnutls-deb0-28 libgpg-error0
  libgssapi-krb5-2 libhogweed2 libidn11 libk5crypto3 libkeyutils1 libkrb5-3
  libkrb5support0 libldap-2.4-2 libnettle4 libp11-kit0 librtmp1 libsasl2-2
  libsasl2-modules-db libssh2-1 libssl1.0.0 libtasn1-6 openssl
Suggested packages:
  rng-tools gnutls-bin krb5-doc krb5-user
Recommended packages:
  krb5-locales libsasl2-modules
The following NEW packages will be installed:
  ca-certificates curl libcurl3 libffi6 libgcrypt20 libgmp10 libgnutls-deb0-28
  libgpg-error0 libgssapi-krb5-2 libhogweed2 libidn11 libk5crypto3
  libkeyutils1 libkrb5-3 libkrb5support0 libldap-2.4-2 libnettle4 libp11-kit0
  librtmp1 libsasl2-2 libsasl2-modules-db libssh2-1 libssl1.0.0 libtasn1-6
  openssl
0 upgraded, 25 newly installed, 0 to remove and 79 not upgraded.
Need to get 5594 kB of archives.
After this operation, 14.2 MB of additional disk space will be used.
...
The following packages will be REMOVED:
  ca-certificates* curl* libcurl3* libgcrypt20* libgpg-error0*
  libgssapi-krb5-2* libidn11* libk5crypto3* libkeyutils1* libkrb5-3*
  libkrb5support0* librtmp1* libssh2-1* libssl1.0.0* openssl*
0 upgraded, 0 newly installed, 15 to remove and 79 not upgraded.
After this operation, 9880 kB disk space will be freed.

[pesho]

Same thing occurs with aptitude. Here is an ugly workaround:

FROM debian:jessie

RUN apt-get update \
 && apt-get install -y --no-install-recommends \
    ca-certificates curl \
 && apt-get purge -y --auto-remove \
    ca-certificates curl libffi6 libgmp10 libgnutls-deb0-28 libhogweed2 libldap-2.4-2 libnettle4 libp11-kit0 libsasl2-2 libsasl2-modules-db libtasn1-6 \
 && rm -rf /var/lib/apt/lists/*

But I wouldn't advocate using it, as it is too fragile, and the savings are negligible. Your version is good enough.

[retrohacker]

I did toss around the idea of explicitly removing the dependencies that are installed, but that makes the assumption that the dependency tree is static, which isn't a safe assumption.

[pesho]

I see that the buildpack-deps image has become more modular now - buildpack-deps:jessie-curl seems to be exactly what we need as a base for -slim.

[retrohacker]

Closed in favor of #19

[rvagg]

what's pkg-config used for in the non-slim version btw?

[pesho]

what's pkg-config used for in the non-slim version btw?

Not sure. Might have been necessary for some binary module some time in the past. In any case, it's already included in the full buildpack-deps and can be removed. In fact, the entire apt-get section in the non-slim Dockerfile is currently a no-op and can be removed.