starred/super
1
0
Fork 0
mirror of https://github.com/spr-networks/super.git synced 2026-04-25 21:05:55 +03:00
Code Issues 42 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #37] Unify apt packages across container images #2

New issue
Closed
opened 2026-03-04 01:33:51 +03:00 by kerem · 4 comments
kerem commented 2026-03-04 01:33:51 +03:00
Owner
Copy link

Originally created by @rgov on GitHub (Jul 28, 2022).
Original GitHub issue: https://github.com/spr-networks/super/issues/37

Many of the Dockerfiles declare very similar sets of apt packages:

RUN apt-get install -y iptables nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates
RUN apt-get install -y iptables nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates curl
RUN apt-get install -y nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates
RUN apt-get install -y nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates curl
RUN apt-get install -y nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates curl hostapd systemd jq jc iw
RUN apt-get install -y nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates git curl
RUN apt-get install -y nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates git curl clang
RUN apt-get install -y --no-install-recommends ca-certificates nftables iproute2 netcat inetutils-ping net-tools nano
RUN apt-get install -y --no-install-recommends nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates git curl
RUN apt-get install -y --no-install-recommends nftables iproute2 netcat inetutils-ping net-tools nano wireguard-tools

This is going to take up a lot of space and increase build time generating many different layers that are similar to one another. Consider factoring out the common group and installing them all at once as the first step.

There is also an official note on best practices when using apt-get. The recommendation is to make all package installations follow this pattern (with alphabetized packages for better diffs):

RUN apt-get update && apt-get install -y \
    aufs-tools \
    automake \
    build-essential \
    curl \
    dpkg-sig \
    libcap-dev \
    libsqlite3-dev \
    mercurial \
    reprepro \
    ruby1.9.1 \
    ruby1.9.1-dev \
    s3cmd=1.1.* \
 && rm -rf /var/lib/apt/lists/*

You may end up running multiple installations in one Dockerfile (e.g., common packages vs container-specific packages).

Originally created by @rgov on GitHub (Jul 28, 2022). Original GitHub issue: https://github.com/spr-networks/super/issues/37 Many of the Dockerfiles declare very similar sets of apt packages: ``` RUN apt-get install -y iptables nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates RUN apt-get install -y iptables nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates curl RUN apt-get install -y nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates RUN apt-get install -y nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates curl RUN apt-get install -y nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates curl hostapd systemd jq jc iw RUN apt-get install -y nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates git curl RUN apt-get install -y nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates git curl clang RUN apt-get install -y --no-install-recommends ca-certificates nftables iproute2 netcat inetutils-ping net-tools nano RUN apt-get install -y --no-install-recommends nftables iproute2 netcat inetutils-ping net-tools nano ca-certificates git curl RUN apt-get install -y --no-install-recommends nftables iproute2 netcat inetutils-ping net-tools nano wireguard-tools ``` This is going to take up a lot of space and increase build time generating many different layers that are similar to one another. Consider factoring out the common group and installing them all at once as the first step. There is also [an official note on best practices](https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#apt-get) when using `apt-get`. The recommendation is to make all package installations follow this pattern (with alphabetized packages for better diffs): ``` RUN apt-get update && apt-get install -y \ aufs-tools \ automake \ build-essential \ curl \ dpkg-sig \ libcap-dev \ libsqlite3-dev \ mercurial \ reprepro \ ruby1.9.1 \ ruby1.9.1-dev \ s3cmd=1.1.* \ && rm -rf /var/lib/apt/lists/* ``` You may end up running multiple installations in one Dockerfile (e.g., common packages vs container-specific packages).
kerem closed this issue 2026-03-04 01:34:00 +03:00
kerem commented 2026-03-04 01:34:03 +03:00
Author
Owner
Copy link

@rgov commented on GitHub (Jul 28, 2022):

If you need a set of packages in both the builder and the final image, you can avoid repetition like so:

FROM ubuntu:22.04 as common
RUN apt update && ...

FROM common as builder
...

FROM common
...
<!-- gh-comment-id:1198602316 --> @rgov commented on GitHub (Jul 28, 2022): If you need a set of packages in both the builder and the final image, you can avoid repetition like so: ```dockerfile FROM ubuntu:22.04 as common RUN apt update && ... FROM common as builder ... FROM common ... ```
kerem commented 2026-03-04 01:34:03 +03:00
Author
Owner
Copy link

@rgov commented on GitHub (Jul 28, 2022):

Quick glance at the apt-get update layers suggests each one takes 35.2 MB * 11 images = 387.2 MB of unnecessary list files.

Also as the link above shows, if apt-get update is on its own layer, the package lists will get cached separately and this will be an annoyance to invalidate if you ever want to pull newer packages.

<!-- gh-comment-id:1198706542 --> @rgov commented on GitHub (Jul 28, 2022): Quick glance at the `apt-get update` layers suggests each one takes 35.2 MB * 11 images = 387.2 MB of unnecessary list files. Also as the link above shows, if `apt-get update` is on its own layer, the package lists will get cached separately and this will be an annoyance to invalidate if you ever want to pull newer packages.
kerem commented 2026-03-04 01:34:03 +03:00
Author
Owner
Copy link

@lts-rad commented on GitHub (Jul 29, 2022):

will take a look at this much later. my bigger question is if this actually saves us considerable space, for the headaches it might cause in the future as a result of trying to keep everything in sync.

clang, hostapd, wireguard-tools we do not want across all containers. hostapd in particular could interfere with the wifid container which builds its own.

<!-- gh-comment-id:1199724931 --> @lts-rad commented on GitHub (Jul 29, 2022): will take a look at this much later. my bigger question is if this actually saves us considerable space, for the headaches it might cause in the future as a result of trying to keep everything in sync. clang, hostapd, wireguard-tools we do not want across all containers. hostapd in particular could interfere with the wifid container which builds its own.
kerem commented 2026-03-04 01:34:04 +03:00
Author
Owner
Copy link

@lts-rad commented on GitHub (Feb 9, 2023):

This has been merged

<!-- gh-comment-id:1424785673 --> @lts-rad commented on GitHub (Feb 9, 2023): This has been merged
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dev
wifi7_support
experimental
dyn_test
dev-android-ui
dns-graph
dev-apns
v1.0.30
clearfog-v1.0.29
v1.0.29
v1.0.28
clearfog-v1.0.28
v1.0.27
clearfog-v1.0.27
v1.0.26
clearfog-v1.0.26
v1.0.25
clearfog-v1.0.25
clearfog-v1.0.24
v1.0.24
v1.0.23
clearfog-v1.0.23
v1.0.22
clearfog-v1.0.22
v1.0.21
clearfog-v1.0.21
v1.0.20
clearfog-v1.0.20
v1.0.19
clearfog-v1.0.19
v1.0.18
clearfog-v1.0.18
clearfog-v1.0.17
v1.0.17
v1.0.15
clearfog-v1.0.15
v1.0.14
clearfog-v1.0.14
v1.0.13
clearfog-v1.0.13
v1.0.12
clearfog-v1.0.12
clearfog-v1.0.11
v1.0.11
clearfog-v1.0.10
v1.0.10
v1.0.9
clearfog-v1.0.9
v1.0.8
clearfog-v1.0.8
clearfog-v1.0.7
v1.0.7
v1.0.6
clearfog-v1.0.6
clearfog-v1.0.5
v1.0.5
ios-v1.0.4
v1.0.4
clearfog-v1.0.4
clearfog-v1.0.3
v1.0.3
v1.0.2
clearfog-v1.0.2
clearfog-v1.0.1
v1.0.1
v1.0.0-dev
clearfog-v1.0.0
v1.0.0
ios-v0.3.24
clearfog-v0.3.24
v0.3.24
clearfog-v0.3.23
v0.3.23
v0.3.22
clearfog-v0.3.22
clearfog-v0.3.21
v0.3.21
v0.3.20
clearfog-v0.3.20
v0.3.19
clearfog-v0.3.19
v0.3.18
clearfog-v0.3.18
clearfog-v0.3.17
v0.3.17
clearfog-v0.3.16
v0.3.16
v0.3.15
clearfog-v0.3.15
ios-v0.3.14
v0.3.14
clearfog-v0.3.14
clearfog-v0.3.13
v0.3.13
ios-v0.3.12
v0.3.12
clearfog-v0.3.12
ios-v0.3.11
clearfog-v0.3.11
v0.3.11
clearfog-v0.3.10
v0.3.10
v0.3.9
clearfog-v0.3.9
v0.3.8
clearfog-v0.3.8
clearfog-v0.3.7
v0.3.7
clearfog-v0.3.6
v0.3.6
clearfog-v0.3.5
v0.3.5
clearfog-v0.3.4
v0.3.4
v0.3.3
clearfog-v0.3.3
v0.3.2
clearfog-v0.3.2
v0.3.1
clearfog-v0.3.1
v0.3.0
clearfog-v0.3.0
clearfog-v0.2.28
v0.2.28
v0.2.27
clearfog-v0.2.27
clearfog-v0.2.26
v0.2.26
v0.2.25
clearfog-v0.2.25
v0.2.24
clearfog-v0.2.24
v0.2.23
clearfog-v0.2.23
v0.2.22
clearfog-v0.2.22
clearfog-v0.2.21
v0.2.21
v0.2.20
clearfog-v0.2.20
v0.2.19
clearfog-v0.2.19
v0.2.18
clearfog-v0.2.18
v0.2.17
v0.2.16
clearfog-v0.2.16
clearfog-v0.2.15
v0.2.15
v0.2.14
clearfog-v0.2.14
clearfog-v0.2.13
v0.2.13
clearfog-v0.2.12
v0.2.12
v0.2.11
clearfog-v0.2.11
v0.2.10
clearfog-v0.2.9
v0.2.9
clearfog-v0.2.8
v0.2.8
clearfog-v0.2.7
v0.2.7
v0.2.6
clearfog-v0.2.6
v0.2.5
v0.2.4
clearfog-v0.2.4
v0.2.3
clearfog-v0.2.3
v0.2.2
clearfog-v0.2.2
v0.2.1
clearfog-v0.2.1
v0.2.0
clearfog-v0.2.0
v0.1.33
clearfog-v0.1.33
v0.1.32
clearfog-v0.1.32
v0.1.31
clearfog-v0.1.31
v0.1.30
clearfog-v0.1.30
v0.1.29
clearfog-v0.1.29
clearfog-v0.1.28
v0.1.28
clearfog-v0.1.27
v0.1.27
v0.1.26
clearfog-v0.1.26
v0.1.25
clearfog-v0.1.25
v0.1.25-beta.6
v0.1.25-beta.5
v0.1.25-beta.4
v0.1.25-beta.3
v0.1.25-beta.2
v0.1.25-beta.1
v0.1.25-beta.0
v0.1.24
clearfog-v0.1.23
v0.1.23
clearfog-v0.1.22
v0.1.22
v0.1.21
clearfog-v0.1.21
v0.1.21-beta.1
v0.1.21-beta.0
v0.1.20
clearfog-v0.1.19
v0.1.19
clearfog-v0.1.18
v0.1.18
v0.1.17
clearfog-v0.1.17
clearfog-v0.1.16
v0.1.16-beta.3
v0.1.16-beta.2
v0.1.16-beta.1
v0.1.16-beta.0
v0.1.15
clearfog-v0.1.15
v0.1.14
v0.1.14-beta.0
v0.1.13
v0.1.12
v0.1.12-beta.7
v0.1.12-beta.6
v0.1.12-beta.5
v0.1.12-beta.4
v0.1.12-beta.3
v0.1.12-beta.2
v0.1.12-beta.1
v0.1.12-beta.0
v0.1.11
v0.1.11-beta.3
v0.1.11-beta.2
v0.1.11-beta.1
v0.1.11-beta.0
v0.1.10
v0.1.10-beta.0
v0.1.9
v0.1.9-beta.0
v0.1.8
v0.1.8-beta.0
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.4-beta.15
v0.1.4-beta.14
v0.1.4-beta.13
v0.1.4-beta.12
v0.1.4-beta.11
v0.1.4-beta.10
v0.1.4-beta.9
v0.1.4-beta.8
v0.1.4-beta.7
v0.1.4-beta.6
v0.1.4-beta.5
v0.1.4-beta.4
v0.1.4-beta.3
v0.1.4-beta.2
v0.1.4-beta.1
v0.1.4-beta.0
v0.1.3
v0.1.3-beta.2
v0.1.3-beta.1
v0.1.3-beta.0
v0.1.2
v0.1.2-beta.2
v0.1.2-beta.1
v0.1.2-beta.0
v0.1.1
v0.1.1-beta.26
v0.1.1-beta.25
v0.1.1-beta.24
v0.1.1-beta.23
v0.1.1-beta.22
v0.1.1-beta.21
v0.1.1-beta.20
v0.1.1-beta.19
v0.1.1-beta.18
v0.1.1-beta.17
v0.1.1-beta.16
v0.1.1-beta.15
v0.1.1-beta.14
v0.1.1-beta.13
v0.1.1-beta.12
v0.1.1-beta.11
v0.1.1-beta.10
v0.1.1-beta.9
v0.1.1-beta.8
v0.1.1-beta.7
v0.1.1-beta.6
v0.1.1-beta.5
v0.1.1-beta.4
v0.1.1-beta.3
v0.1.1-beta.2
v0.1.1-beta.1
v0.1.1-beta.0
v0.01-beta-pi-september-fixes
v0.01-beta-pi-september
v0.01-beta-pi-2
v0.01-beta-pi
Labels
Clear labels   
blocked

   
bug

   
documentation

   
enhancement

   
fixed

   
fixed

  
hardening

   
implemented

   
installer

   
multicast

   
p1

   
p2

   
pending

   
podman

   
pull-request

Mirrored from GitHub Pull Request

  
security

   
testing

   
v1
No labels
blocked
bug
documentation
enhancement
fixed
fixed
hardening
implemented
installer
multicast
p1
p2
pending
podman
pull-request
security
testing
v1
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/super#2
No description provided.