From d39582d1dafdf162ba74eb98c71c40ccbf4269df Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Tue, 20 Jan 2026 10:28:16 +0100 Subject: [PATCH] feat(docker): introduce slim.sh for safe image cleanup and run it during build - add verbose distro-aware cleanup script (apk/apt/pacman/dnf/yum) - remove package manager caches, logs, tmp and user caches - keep runtime-critical files untouched - execute cleanup during image build to reduce final size https://chatgpt.com/share/696f4ab6-fae8-800f-9a46-e73eb8317791 --- Dockerfile | 12 ++++ scripts/docker/slim.sh | 130 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 142 insertions(+) create mode 100644 scripts/docker/slim.sh diff --git a/Dockerfile b/Dockerfile index b071b67..045d6a1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -24,6 +24,12 @@ COPY scripts/installation/ scripts/installation/ # Install distro-specific build dependencies (including make) RUN bash scripts/installation/dependencies.sh +# ------------------------------------------------------------ +# Image cleanup (reduce final size) +# ------------------------------------------------------------ +COPY scripts/docker/slim.sh /usr/local/bin/slim.sh +RUN chmod +x /usr/local/bin/slim.sh && /usr/local/bin/slim.sh + # Virgin default CMD ["bash"] @@ -52,4 +58,10 @@ COPY scripts/docker/entry.sh /usr/local/bin/docker-entry.sh WORKDIR /opt/src/pkgmgr ENTRYPOINT ["/usr/local/bin/docker-entry.sh"] + +# ------------------------------------------------------------ +# Image cleanup (reduce final size) +# ------------------------------------------------------------ +RUN /usr/local/bin/slim.sh + CMD ["pkgmgr", "--help"] diff --git a/scripts/docker/slim.sh b/scripts/docker/slim.sh new file mode 100644 index 0000000..4c27476 --- /dev/null +++ b/scripts/docker/slim.sh 
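Review bot: Running slim.sh in its own `RUN` after `RUN bash scripts/installation/dependencies.sh` does not shrink the image, because the caches and logs written by the install step are already committed in that earlier layer and a later layer can only mask them. The same applies to the second `RUN /usr/local/bin/slim.sh` added after `ENTRYPOINT`. For the same reason, nothing the script deletes is gone from the published image: anyone who pulls it can still read the earlier layers, so this step should not be relied on to remove sensitive build residue. Copy the script before the install step and chain it in the same instruction, e.g. `RUN bash scripts/installation/dependencies.sh && /usr/local/bin/slim.sh`, or build the final image through a squash or multi-stage copy. If BuildKit is in use, `COPY --chmod=0755 scripts/docker/slim.sh /usr/local/bin/slim.sh` also removes the need for the separate `chmod +x`.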
@@ -0,0 +1,130 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+log() { echo "[cleanup] $*"; }
+warn() { echo "[cleanup][WARN] $*" >&2; }
+
+MODE="${MODE:-safe}" # safe | aggressive
+# safe: caches/logs/tmp only
+# aggressive: safe + docs/man/info (optional)
+
+ID="unknown"
+if [ -f /etc/os-release ]; then
+ # shellcheck disable=SC1091
+ . /etc/os-release
+ ID="${ID:-unknown}"
+fi
+
+log "Starting image cleanup"
+log "Mode: ${MODE}"
+log "Detected OS: ${ID}"
+
+# ------------------------------------------------------------
+# Package manager caches (SAFE)
+# ------------------------------------------------------------
+case "${ID}" in
+ alpine)
+ log "Cleaning apk cache"
+ if [ -d /var/cache/apk ]; then
+ du -sh /var/cache/apk || true
+ rm -rvf /var/cache/apk/* || true
+ else
+ log "apk cache directory not present (already clean)"
+ fi
+ ;;
+ arch)
+ log "Cleaning pacman cache"
+ du -sh /var/cache/pacman/pkg 2>/dev/null || true
+ pacman -Scc --noconfirm || true
+ rm -rvf /var/cache/pacman/pkg/* || true
+ ;;
+ debian|ubuntu)
+ log "Cleaning apt cache"
+ du -sh /var/lib/apt/lists 2>/dev/null || true
+ apt-get clean || true
+ rm -rvf /var/lib/apt/lists/* || true
+ ;;
+ fedora)
+ log "Cleaning dnf cache"
+ du -sh /var/cache/dnf 2>/dev/null || true
+ dnf clean all || true
+ rm -rvf /var/cache/dnf/* || true
+ ;;
+ centos|rhel)
+ log "Cleaning yum/dnf cache"
+ du -sh /var/cache/yum /var/cache/dnf 2>/dev/null || true
+ (command -v dnf >/dev/null 2>&1 && dnf clean all) || true
+ (command -v yum >/dev/null 2>&1 && yum clean all) || true
+ rm -rvf /var/cache/yum/* /var/cache/dnf/* || true
+ ;;
+ *)
+ warn "Unknown distro '${ID}' — skipping package manager cleanup"
+ ;;
+esac
+
+# ------------------------------------------------------------
+# Python caches (SAFE)
+# ------------------------------------------------------------
+log "Cleaning pip cache"
+du -sh /root/.cache/pip 2>/dev/null || true
+rm -rvf /root/.cache/pip 2>/dev/null || true
+rm -rvf /home/*/.cache/pip 2>/dev/null || true
+
+log "Cleaning __pycache__ directories"
+find /opt /usr /root /home -type d -name "__pycache__" -print -prune 2>/dev/null || true
+find /opt /usr /root /home -type d -name "__pycache__" -prune -exec rm -rvf {} + 2>/dev/null || true
+
+# ------------------------------------------------------------
+# Logs (SAFE)
+# ------------------------------------------------------------
+log "Truncating log files (keeping paths intact)"
+if [ -d /var/log ]; then
+ find /var/log -type f -name "*.log" -print 2>/dev/null || true
+ find /var/log -type f -name "*.log" -exec sh -lc ': > "$1" 2>/dev/null || true' _ {} \; 2>/dev/null || true
+
+ find /var/log -type f -name "*.out" -print 2>/dev/null || true
+ find /var/log -type f -name "*.out" -exec sh -lc ': > "$1" 2>/dev/null || true' _ {} \; 2>/dev/null || true
+fi
+
+if command -v journalctl >/dev/null 2>&1; then
+ log "Vacuuming journald logs"
+ journalctl --disk-usage || true
+ journalctl --vacuum-size=10M || true
+ journalctl --vacuum-time=1s || true
+ journalctl --disk-usage || true
+else
+ log "journald not present (skipping)"
+fi
+
+# ------------------------------------------------------------
+# Temporary files (SAFE)
+# ------------------------------------------------------------
+log "Cleaning temporary directories"
+if [ -d /tmp ]; then
+ du -sh /tmp 2>/dev/null || true
+ rm -rvf /tmp/* || true
+fi
+
+if [ -d /var/tmp ]; then
+ du -sh /var/tmp 2>/dev/null || true
+ rm -rvf /var/tmp/* || true
+fi
+
+# ------------------------------------------------------------
+# Generic caches (SAFE)
+# ------------------------------------------------------------
+log "Cleaning generic caches"
+du -sh /root/.cache 2>/dev/null || true
+rm -rvf /root/.cache/* 2>/dev/null || true
+rm -rvf /home/*/.cache/* 2>/dev/null || true
+
+# ------------------------------------------------------------
+# Optional aggressive extras (still safe for runtime)
+# ------------------------------------------------------------
+if [[ "${MODE}" == "aggressive" ]]; then
+ log "Aggressive mode enabled: removing docs/man/info"
+ du -sh /usr/share/doc /usr/share/man /usr/share/info 2>/dev/null || true
+ rm -rvf /usr/share/doc/* /usr/share/man/* /usr/share/info/* 2>/dev/null || true
+fi
+
+log "Cleanup finished successfully"
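Review bot: The two log-truncation commands call `sh -lc` once per file, and `-l` makes each one a login shell, so /etc/profile and root's profile scripts are typically executed as root for every `*.log` and `*.out` file during the build, for no benefit. Dropping the flag is enough: `find /var/log -type f \( -name '*.log' -o -name '*.out' \) -exec sh -c ': > "$1"' _ {} \;`. Separately, every command ends in `|| true` and most also discard stderr, so `set -euo pipefail` has almost nothing left to catch and `Cleanup finished successfully` is logged even when a step failed; routing failures through the existing helper, e.g. `apt-get clean || warn "apt-get clean failed"`, keeps the build green but leaves a trace. `MODE` is also never validated, so a misspelled value silently runs as `safe`; a `case "${MODE}" in safe|aggressive) ;; *) warn "invalid MODE '${MODE}'"; exit 2 ;; esac` guard near the top would catch that.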