Remove runtime dependencies from slim and alpine variants #493
+82
−164
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ diff -u <(docker run --rm ruby:3.4-alpine3.21 apk list --installed) <(docker run --rm sha256:d308034192dc3c4be45c525bd1dca5b15d47f7e9bcd976cbefcfcf5038ad0327 apk list --installed)
--- /dev/fd/63 2025-01-07 16:43:54.033009028 -0800
+++ /dev/fd/62 2025-01-07 16:43:54.033009028 -0800
@@ -1,4 +1,4 @@
-.ruby-rundeps-20250107.032108 noarch {.ruby-rundeps} () [installed]
+.ruby-rundeps-20250108.003903 noarch {.ruby-rundeps} () [installed]
alpine-baselayout-3.6.8-r1 x86_64 {alpine-baselayout} (GPL-2.0-only) [installed]
alpine-baselayout-data-3.6.8-r1 x86_64 {alpine-baselayout} (GPL-2.0-only) [installed]
alpine-keys-2.5-r0 x86_64 {alpine-keys} (MIT) [installed]
@@ -6,30 +6,15 @@
apk-tools-2.14.6-r2 x86_64 {apk-tools} (GPL-2.0-only) [installed]
busybox-1.37.0-r9 x86_64 {busybox} (GPL-2.0-only) [installed]
busybox-binsh-1.37.0-r9 x86_64 {busybox} (GPL-2.0-only) [installed]
-bzip2-1.0.8-r6 x86_64 {bzip2} (bzip2-1.0.6) [installed]
-ca-certificates-20241121-r0 x86_64 {ca-certificates} (MPL-2.0 AND MIT) [installed]
ca-certificates-bundle-20241121-r0 x86_64 {ca-certificates} (MPL-2.0 AND MIT) [installed]
gmp-6.3.0-r2 x86_64 {gmp} (LGPL-3.0-or-later OR GPL-2.0-or-later) [installed]
-gmp-dev-6.3.0-r2 x86_64 {gmp} (LGPL-3.0-or-later OR GPL-2.0-or-later) [installed]
libcrypto3-3.3.2-r4 x86_64 {openssl} (Apache-2.0) [installed]
libffi-3.4.6-r0 x86_64 {libffi} (MIT) [installed]
-libffi-dev-3.4.6-r0 x86_64 {libffi} (MIT) [installed]
libgcc-14.2.0-r4 x86_64 {gcc} (GPL-2.0-or-later AND LGPL-2.1-or-later) [installed]
-libgmpxx-6.3.0-r2 x86_64 {gmp} (LGPL-3.0-or-later OR GPL-2.0-or-later) [installed]
-libintl-0.22.5-r0 x86_64 {gettext} (LGPL-2.1-or-later) [installed]
-libncursesw-6.5_p20241006-r3 x86_64 {ncurses} (X11) [installed]
-libproc2-4.0.4-r2 x86_64 {procps-ng} (GPL-2.0-or-later AND LGPL-2.1-or-later) [installed]
libssl3-3.3.2-r4 x86_64 {openssl} (Apache-2.0) [installed]
-libstdc++-14.2.0-r4 x86_64 {gcc} (GPL-2.0-or-later AND LGPL-2.1-or-later) [installed]
-linux-headers-6.6-r1 x86_64 {linux-headers} (GPL-2.0-only) [installed]
musl-1.2.5-r8 x86_64 {musl} (MIT) [installed]
musl-utils-1.2.5-r8 x86_64 {musl} (MIT AND BSD-2-Clause AND GPL-2.0-or-later) [installed]
-ncurses-terminfo-base-6.5_p20241006-r3 x86_64 {ncurses} (X11) [installed]
-pkgconf-2.3.0-r0 x86_64 {pkgconf} (ISC) [installed]
-procps-ng-4.0.4-r2 x86_64 {procps-ng} (GPL-2.0-or-later AND LGPL-2.1-or-later) [installed]
scanelf-1.3.8-r1 x86_64 {pax-utils} (GPL-2.0-only) [installed]
ssl_client-1.37.0-r9 x86_64 {busybox} (GPL-2.0-only) [installed]
yaml-0.2.5-r2 x86_64 {yaml} (MIT) [installed]
-yaml-dev-0.2.5-r2 x86_64 {yaml} (MIT) [installed]
zlib-1.3.1-r2 x86_64 {zlib} (Zlib) [installed]
-zlib-dev-1.3.1-r2 x86_64 {zlib} (Zlib) [installed]$ diff -u <(docker run --rm ruby:3.4-slim-bookworm dpkg -l) <(docker run --rm sha256:eb3b6d256588cd8cb86a5a77ebedf80c712b2bf145f299d85251b96b59760f84 dpkg -l)
--- /dev/fd/63 2025-01-07 16:44:40.129447525 -0800
+++ /dev/fd/62 2025-01-07 16:44:40.133447563 -0800
@@ -9,7 +9,6 @@
ii base-passwd 3.6.1 amd64 Debian base system master password and group files
ii bash 5.2.15-2+b7 amd64 GNU Bourne Again SHell
ii bsdutils 1:2.38.1-5+deb12u2 amd64 basic utilities from 4.4BSD-Lite
-ii bzip2 1.0.8-5+b1 amd64 high-quality block-sorting file compressor - utilities
ii ca-certificates 20230311 all Common CA certificates
ii coreutils 9.1-1 amd64 GNU core utilities
ii dash 0.5.12-2 amd64 POSIX-compliant shell
@@ -34,48 +33,33 @@
ii libblkid1:amd64 2.38.1-5+deb12u2 amd64 block device ID library
ii libbz2-1.0:amd64 1.0.8-5+b1 amd64 high-quality block-sorting file compressor library - runtime
ii libc-bin 2.36-9+deb12u9 amd64 GNU C Library: Binaries
-ii libc-dev-bin 2.36-9+deb12u9 amd64 GNU C Library: Development binaries
ii libc6:amd64 2.36-9+deb12u9 amd64 GNU C Library: Shared libraries
-ii libc6-dev:amd64 2.36-9+deb12u9 amd64 GNU C Library: Development Libraries and Header Files
ii libcap-ng0:amd64 0.8.3-1+b3 amd64 alternate POSIX capabilities library
ii libcap2:amd64 1:2.66-4 amd64 POSIX 1003.1e capabilities (library)
ii libcom-err2:amd64 1.47.0-2 amd64 common error description library
-ii libcrypt-dev:amd64 1:4.4.33-2 amd64 libcrypt development files
ii libcrypt1:amd64 1:4.4.33-2 amd64 libcrypt shared library
ii libdb5.3:amd64 5.3.28+dfsg2-1 amd64 Berkeley v5.3 Database Libraries [runtime]
ii libdebconfclient0:amd64 0.270 amd64 Debian Configuration Management System (C-implementation library)
ii libext2fs2:amd64 1.47.0-2 amd64 ext2/ext3/ext4 file system libraries
-ii libffi-dev:amd64 3.4.4-1 amd64 Foreign Function Interface library (development files)
ii libffi8:amd64 3.4.4-1 amd64 Foreign Function Interface library runtime
ii libgcc-s1:amd64 12.2.0-14 amd64 GCC support library
ii libgcrypt20:amd64 1.10.1-3 amd64 LGPL Crypto library - runtime library
-ii libgmp-dev:amd64 2:6.2.1+dfsg1-1.1 amd64 Multiprecision arithmetic library developers tools
ii libgmp10:amd64 2:6.2.1+dfsg1-1.1 amd64 Multiprecision arithmetic library
-ii libgmpxx4ldbl:amd64 2:6.2.1+dfsg1-1.1 amd64 Multiprecision arithmetic library (C++ bindings)
ii libgnutls30:amd64 3.7.9-2+deb12u3 amd64 GNU TLS library - main runtime library
ii libgpg-error0:amd64 1.46-1 amd64 GnuPG development runtime library
-ii libgssapi-krb5-2:amd64 1.20.1-2+deb12u2 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libhogweed6:amd64 3.8.1-2 amd64 low level cryptographic library (public-key cryptos)
ii libidn2-0:amd64 2.3.3-1+b1 amd64 Internationalized domain names (IDNA2008/TR46) library
-ii libk5crypto3:amd64 1.20.1-2+deb12u2 amd64 MIT Kerberos runtime libraries - Crypto Library
-ii libkeyutils1:amd64 1.6.3-2 amd64 Linux Key Management Utilities (library)
-ii libkrb5-3:amd64 1.20.1-2+deb12u2 amd64 MIT Kerberos runtime libraries
-ii libkrb5support0:amd64 1.20.1-2+deb12u2 amd64 MIT Kerberos runtime libraries - Support library
ii liblz4-1:amd64 1.9.4-1 amd64 Fast LZ compression algorithm library - runtime
ii liblzma5:amd64 5.4.1-0.2 amd64 XZ-format compression library
ii libmd0:amd64 1.0.4-2 amd64 message digest functions from BSD systems - shared library
ii libmount1:amd64 2.38.1-5+deb12u2 amd64 device mounting library
-ii libncursesw6:amd64 6.4-4 amd64 shared libraries for terminal handling (wide character support)
ii libnettle8:amd64 3.8.1-2 amd64 low level cryptographic library (symmetric and one-way cryptos)
-ii libnsl-dev:amd64 1.3.0-2 amd64 libnsl development files
-ii libnsl2:amd64 1.3.0-2 amd64 Public client interface for NIS(YP) and NIS+
ii libp11-kit0:amd64 0.24.1-2 amd64 library for loading and coordinating access to PKCS#11 modules - runtime
ii libpam-modules:amd64 1.5.2-6+deb12u1 amd64 Pluggable Authentication Modules for PAM
ii libpam-modules-bin 1.5.2-6+deb12u1 amd64 Pluggable Authentication Modules for PAM - helper binaries
ii libpam-runtime 1.5.2-6+deb12u1 all Runtime support for the PAM library
ii libpam0g:amd64 1.5.2-6+deb12u1 amd64 Pluggable Authentication Modules library
ii libpcre2-8-0:amd64 10.42-1 amd64 New Perl Compatible Regular Expression Library- 8 bit runtime files
-ii libproc2-0:amd64 2:4.0.2-3 amd64 library for accessing process information from /proc
ii libseccomp2:amd64 2.5.4-1+deb12u1 amd64 high level interface to Linux seccomp filter
ii libselinux1:amd64 3.4-1+b6 amd64 SELinux runtime shared libraries
ii libsemanage-common 3.4-1 all Common files for SELinux policy management libraries
@@ -83,23 +67,17 @@
ii libsepol2:amd64 3.4-2.1 amd64 SELinux library for manipulating binary security policies
ii libsmartcols1:amd64 2.38.1-5+deb12u2 amd64 smart column output alignment library
ii libss2:amd64 1.47.0-2 amd64 command-line interface parsing library
-ii libssl-dev:amd64 3.0.15-1~deb12u1 amd64 Secure Sockets Layer toolkit - development files
ii libssl3:amd64 3.0.15-1~deb12u1 amd64 Secure Sockets Layer toolkit - shared libraries
ii libstdc++6:amd64 12.2.0-14 amd64 GNU Standard C++ Library v3
ii libsystemd0:amd64 252.31-1~deb12u1 amd64 systemd utility library
ii libtasn1-6:amd64 4.19.0-2 amd64 Manage ASN.1 structures (runtime)
ii libtinfo6:amd64 6.4-4 amd64 shared low-level terminfo library for terminal handling
-ii libtirpc-common 1.3.3+ds-1 all transport-independent RPC library - common files
-ii libtirpc-dev:amd64 1.3.3+ds-1 amd64 transport-independent RPC library - development files
-ii libtirpc3:amd64 1.3.3+ds-1 amd64 transport-independent RPC library
ii libudev1:amd64 252.31-1~deb12u1 amd64 libudev shared library
ii libunistring2:amd64 1.0-2 amd64 Unicode string library for C
ii libuuid1:amd64 2.38.1-5+deb12u2 amd64 Universally Unique ID library
ii libxxhash0:amd64 0.8.1-1 amd64 shared library for xxhash
ii libyaml-0-2:amd64 0.2.5-1 amd64 Fast YAML 1.1 parser and emitter library
-ii libyaml-dev:amd64 0.2.5-1 amd64 Fast YAML 1.1 parser and emitter library (development)
ii libzstd1:amd64 1.5.4+dfsg2-5 amd64 fast lossless compression algorithm
-ii linux-libc-dev:amd64 6.1.119-1 amd64 Linux support headers for userspace development
ii login 1:4.13+dfsg1-1+b1 amd64 system login tools
ii logsave 1.47.0-2 amd64 save the output of a command in a log file
ii mawk 1.3.4.20200120-3.1 amd64 Pattern scanning and text processing language
@@ -109,8 +87,6 @@
ii openssl 3.0.15-1~deb12u1 amd64 Secure Sockets Layer toolkit - cryptographic utility
ii passwd 1:4.13+dfsg1-1+b1 amd64 change and administer password and group data
ii perl-base 5.36.0-7+deb12u1 amd64 minimal Perl system
-ii procps 2:4.0.2-3 amd64 /proc file system utilities
-ii rpcsvc-proto 1.4.3-1 amd64 RPC protocol compiler and definitions
ii sed 4.9-1 amd64 GNU stream editor for filtering/transforming text
ii sysvinit-utils 3.06-4 amd64 System-V-like utilities
ii tar 1.34+dfsg-1.2+deb12u1 amd64 GNU version of the tar archiving utility
@@ -119,4 +95,3 @@
ii util-linux 2.38.1-5+deb12u2 amd64 miscellaneous system utilities
ii util-linux-extra 2.38.1-5+deb12u2 amd64 interactive login tools
ii zlib1g:amd64 1:1.2.13.dfsg-1 amd64 compression library - runtime
-ii zlib1g-dev:amd64 1:1.2.13.dfsg-1 amd64 compression library - development |
Earlopain
reviewed
Jan 8, 2025
These were never intended to be part of the "interface" of the `slim` and `alpine` images -- they were included before we had fancy `ldd`/`scanelf`-based runtime dependency inclusion, and were a metapackage that helped us avoid the complexity of `libyaml3` vs `libyaml4` (and making sure we install the correct one). This moves them to explicit build-time dependencies accordingly, as they should've always been.
docker-library-bot
added a commit
to docker-library-bot/official-images
that referenced
this pull request
Jan 13, 2025
Changes: - docker-library/ruby@9b6a2e2: Merge pull request docker-library/ruby#493 from infosiftr/oops - docker-library/ruby@a8087c8: Merge pull request docker-library/ruby#494 from Earlopain/bump-rust-1.84.0 - docker-library/ruby@d86ed5e: Bump Rust to 1.84.0 - docker-library/ruby@7f078b1: Remove runtime dependencies from slim and alpine variants
byroot
pushed a commit
to rails/rails
that referenced
this pull request
Jan 14, 2025
In recent Ruby images libyaml-dev was removed. This package is required to install/build psych gem. refs docker-library/ruby#493
|
This change has also removed It appears I had Rails dependancies that called out to |
We had a container health check that was relying on While I generally like the idea of keeping "slim" images "slim", you should also probably know that there's people who's relying on the "official" ruby image for auto applying patches and that expect these images to be kinda stable. Apparently that assumption is wrong though. |
|
Those images were already released. Why is it possible to update already published versions instead of releasing new ones? |
Agreed, these are breaking changes to all downstream images, added into to an existing version without any notification or ability to control. |
|
We spent several hours troubleshooting issues with our deployment, and the last thing we expected was for dependencies to be removed without any notification or documentation. |
|
Bundler deployment disables use of system installed gems. You just broken every rails deploy because it can't build psych. |
3 tasks
3 tasks
|
To resolve my issue of Rails gems not building I added the following to the intermediary build step in my Dockerfile: |
|
The default Rails |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
These were never intended to be part of the "interface" of the
slimandalpineimages -- they were included before we had fancyldd/scanelf-based runtime dependency inclusion, and were a metapackage that helped us avoid the complexity oflibyaml3vslibyaml4(and making sure we install the correct one). This moves them to explicit build-time dependencies accordingly, as they should've always been.Closes #492
Refs: