From 1fcecf926046ccbe7ecfe704970c773e37f46f77 Mon Sep 17 00:00:00 2001
From: Jonas Wielage
Date: Fri, 22 Sep 2023 15:56:40 +0200
Subject: [PATCH] Modify rule S6587 Add more detailed explanation, split code examples (#3123)
---
 rules/S6587/docker/rule.adoc | 79 ++++++++++++++++++++++++++++--------
 1 file changed, 62 insertions(+), 17 deletions(-)
diff --git a/rules/S6587/docker/rule.adoc b/rules/S6587/docker/rule.adoc
index 89a85a8875..42284813f9 100644
--- a/rules/S6587/docker/rule.adoc
+++ b/rules/S6587/docker/rule.adoc
@@ -14,52 +14,97 @@ It should be reduced to speed up deployments and reduce storage and bandwidth.
 ==== Noncompliant code example
+For apk:
 [source,docker,diff-id=1,diff-type=noncompliant]
 ----
 RUN apk add nginx
+----
+
+For apt-get:
+[source,docker,diff-id=2,diff-type=noncompliant]
+----
 RUN apt-get update \
 && apt-get install nginx
+----
+
+For aptitude:
+[source,docker,diff-id=3,diff-type=noncompliant]
+----
 RUN aptitude update \
 && aptitude install nginx
 ----
+For apt:
+[source,docker,diff-id=4,diff-type=noncompliant]
+----
+RUN apt update \
+ && apt install nginx
+----
+
 ==== Compliant solution
+For apk:
 [source,docker,diff-id=1,diff-type=compliant]
 ----
 RUN apk --no-cache add nginx
-RUN apk add nginx \
- && rm -rf /var/lib/apt/lists/*
-RUN apk add nginx \
- && rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
+RUN apk add nginx \
+ && apk cache clean
+
+RUN apk add nginx \
+ && rm -rf /var/cache/apk/*
+
+# This cache location is only used in specific distributions / configurations
+RUN apk add nginx \
+ && rm -rf /etc/apk/cache/*
+----
+
+For apt-get:
+[source,docker,diff-id=2,diff-type=compliant]
+----
 RUN apt-get update \
 && apt-get install nginx \
 && apt-get clean
-RUN apt-get update \
- && apt-get install nginx \
- && rm -rf /var/lib/apt/lists/*
-RUN apt-get update \
- && apt-get install nginx \
- && rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
+RUN apt-get update \
+ && apt-get install nginx \
+ && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
+----
+
+For aptitude:
+[source,docker,diff-id=3,diff-type=compliant]
+----
 RUN aptitude update \
 && aptitude install nginx \
 && aptitude clean
+
 RUN aptitude update \
 && aptitude install nginx \
- && rm -rf /var/lib/apt/lists/*
-RUN aptitude update \
- && aptitude install nginx \
- && rm -rf /var/cache/apt/archives /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
+----
+
+For apt:
+[source,docker,diff-id=4,diff-type=compliant]
+----
+RUN apt update \
+ && apt install nginx \
+ && apt clean
+
+RUN apt update \
+ && apt install nginx \
+ && rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
 ----
 === How does this work?
-When installing packages using `apk`, `apt-get`, or `aptitude` they store an index in the Docker image layer in `/var/lib/apt/lists/`.
+When installing packages using `apt-get`, `aptitude` or `apt` they store an index in the Docker image layer in `/var/lib/apt/lists`.
+Using `apk`, it will store an index in `/var/cache/apk/`.
+In some distributions and configurations the cache will be created in `/etc/apk/cache`.
+
 This index is not needed after installation, so it can be removed.
-To do that execute the `clean` command of your package manager tool or just run `rm -rf /var/lib/apt/lists/*`.
-Additionally, some lock files are stored in `/var/cache/apt/archives`.
+To do that, execute the `clean` command, or run `rm -rf ` for the cache location of you package manager tool.
+
+Additionally, for `apt-get`, `aptitude` and `apt` some lock files are stored in `/var/cache/apt/archives`, which can also be removed safely.
 They are not removed by the `clean` command, so they need to be removed manually.
 == Resources