distroless
distroless copied to clipboard
GoogleContainerTools
python3 images contains useless document/man page files
python3 images (both debian9 and debian10) contains manpage, document files. It seems useless because distroless doesn't provide shell access. These files are introduced with Python because they seem to be Python's dependencies.
The following values are a file size of layer.tar in debian10's image. You can save more than 1MB.
| versions | filesize |
|---|---|
| Original | 17,786,880 bytes |
| Remove them | 16,519,168 bytes |
Full file list I removed:
/usr/share/man/man1/openssl-ts.1ssl.gz
/usr/share/man/man1/openssl-ca.1ssl.gz
/usr/share/man/man1/openssl-rsa.1ssl.gz
/usr/share/man/man1/openssl-sess_id.1ssl.gz
/usr/share/man/man1/dgst.1ssl.gz
/usr/share/man/man1/s_time.1ssl.gz
/usr/share/man/man1/dsa.1ssl.gz
/usr/share/man/man1/genpkey.1ssl.gz
/usr/share/man/man1/rsautl.1ssl.gz
/usr/share/man/man1/openssl-rsautl.1ssl.gz
/usr/share/man/man1/s_client.1ssl.gz
/usr/share/man/man1/rsa.1ssl.gz
/usr/share/man/man1/verify.1ssl.gz
/usr/share/man/man1/openssl-verify.1ssl.gz
/usr/share/man/man1/openssl-ocsp.1ssl.gz
/usr/share/man/man1/openssl-ec.1ssl.gz
/usr/share/man/man1/x509.1ssl.gz
/usr/share/man/man1/srp.1ssl.gz
/usr/share/man/man1/storeutl.1ssl.gz
/usr/share/man/man1/ciphers.1ssl.gz
/usr/share/man/man1/dhparam.1ssl.gz
/usr/share/man/man1/dsaparam.1ssl.gz
/usr/share/man/man1/openssl-passwd.1ssl.gz
/usr/share/man/man1/rand.1ssl.gz
/usr/share/man/man1/rehash.1ssl.gz
/usr/share/man/man1/engine.1ssl.gz
/usr/share/man/man1/openssl-crl.1ssl.gz
/usr/share/man/man1/req.1ssl.gz
/usr/share/man/man1/sess_id.1ssl.gz
/usr/share/man/man1/openssl-version.1ssl.gz
/usr/share/man/man1/genrsa.1ssl.gz
/usr/share/man/man1/version.1ssl.gz
/usr/share/man/man1/openssl-asn1parse.1ssl.gz
/usr/share/man/man1/openssl-rand.1ssl.gz
/usr/share/man/man1/ecparam.1ssl.gz
/usr/share/man/man1/openssl-c_rehash.1ssl.gz
/usr/share/man/man1/openssl-enc.1ssl.gz
/usr/share/man/man1/openssl-x509.1ssl.gz
/usr/share/man/man1/openssl-tsget.1ssl.gz
/usr/share/man/man1/spkac.1ssl.gz
/usr/share/man/man1/gendsa.1ssl.gz
/usr/share/man/man1/openssl-s_time.1ssl.gz
/usr/share/man/man1/openssl-pkcs8.1ssl.gz
/usr/share/man/man1/openssl-s_server.1ssl.gz
/usr/share/man/man1/smime.1ssl.gz
/usr/share/man/man1/openssl-genpkey.1ssl.gz
/usr/share/man/man1/openssl-s_client.1ssl.gz
/usr/share/man/man1/pkey.1ssl.gz
/usr/share/man/man1/ts.1ssl.gz
/usr/share/man/man1/ca.1ssl.gz
/usr/share/man/man1/openssl-pkeyparam.1ssl.gz
/usr/share/man/man1/s_server.1ssl.gz
/usr/share/man/man1/openssl-smime.1ssl.gz
/usr/share/man/man1/openssl-pkcs12.1ssl.gz
/usr/share/man/man1/pkcs7.1ssl.gz
/usr/share/man/man1/openssl-dhparam.1ssl.gz
/usr/share/man/man1/prime.1ssl.gz
/usr/share/man/man1/pkcs8.1ssl.gz
/usr/share/man/man1/openssl-gendsa.1ssl.gz
/usr/share/man/man1/openssl-ciphers.1ssl.gz
/usr/share/man/man1/pkeyparam.1ssl.gz
/usr/share/man/man1/pkeyutl.1ssl.gz
/usr/share/man/man1/crl2pkcs7.1ssl.gz
/usr/share/man/man1/nseq.1ssl.gz
/usr/share/man/man1/list.1ssl.gz
/usr/share/man/man1/errstr.1ssl.gz
/usr/share/man/man1/openssl-errstr.1ssl.gz
/usr/share/man/man1/openssl-pkeyutl.1ssl.gz
/usr/share/man/man1/openssl-dgst.1ssl.gz
/usr/share/man/man1/openssl-rehash.1ssl.gz
/usr/share/man/man1/openssl.1ssl.gz
/usr/share/man/man1/openssl-dsaparam.1ssl.gz
/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz
/usr/share/man/man1/openssl-speed.1ssl.gz
/usr/share/man/man1/openssl-nseq.1ssl.gz
/usr/share/man/man1/openssl-pkey.1ssl.gz
/usr/share/man/man1/openssl-ecparam.1ssl.gz
/usr/share/man/man1/speed.1ssl.gz
/usr/share/man/man1/tsget.1ssl.gz
/usr/share/man/man1/openssl-storeutl.1ssl.gz
/usr/share/man/man1/CA.pl.1ssl.gz
/usr/share/man/man1/openssl-pkcs7.1ssl.gz
/usr/share/man/man1/openssl-prime.1ssl.gz
/usr/share/man/man1/openssl-genrsa.1ssl.gz
/usr/share/man/man1/openssl-cms.1ssl.gz
/usr/share/man/man1/ocsp.1ssl.gz
/usr/share/man/man1/openssl-req.1ssl.gz
/usr/share/man/man1/passwd.1ssl.gz
/usr/share/man/man1/openssl-spkac.1ssl.gz
/usr/share/man/man1/enc.1ssl.gz
/usr/share/man/man1/ec.1ssl.gz
/usr/share/man/man1/crl.1ssl.gz
/usr/share/man/man1/openssl-dsa.1ssl.gz
/usr/share/man/man1/asn1parse.1ssl.gz
/usr/share/man/man1/openssl-list.1ssl.gz
/usr/share/man/man1/pkcs12.1ssl.gz
/usr/share/man/man1/c_rehash.1ssl.gz
/usr/share/man/man1/openssl-srp.1ssl.gz
/usr/share/man/man1/cms.1ssl.gz
/usr/share/man/man1/openssl-engine.1ssl.gz
/usr/share/man/man1/tzselect.1.gz
/usr/share/man/man1/python3.7m.1.gz
/usr/share/man/man1/getconf.1.gz
/usr/share/man/man1/sh.1.gz
/usr/share/man/man1/dash.1.gz
/usr/share/man/man1/catchsegv.1.gz
/usr/share/man/man1/python3.7.1.gz
/usr/share/man/man7/bio.7ssl.gz
/usr/share/man/man7/ssl.7ssl.gz
/usr/share/man/man7/X25519.7ssl.gz
/usr/share/man/man7/passphrase-encoding.7ssl.gz
/usr/share/man/man7/x509.7ssl.gz
/usr/share/man/man7/Ed448.7ssl.gz
/usr/share/man/man7/des_modes.7ssl.gz
/usr/share/man/man7/Ed25519.7ssl.gz
/usr/share/man/man7/scrypt.7ssl.gz
/usr/share/man/man7/SM2.7ssl.gz
/usr/share/man/man7/X448.7ssl.gz
/usr/share/man/man7/RSA-PSS.7ssl.gz
/usr/share/man/man7/crypto.7ssl.gz
/usr/share/man/man7/RAND_DRBG.7ssl.gz
/usr/share/man/man7/ossl_store-file.7ssl.gz
/usr/share/man/man7/ct.7ssl.gz
/usr/share/man/man7/evp.7ssl.gz
/usr/share/man/man7/ossl_store.7ssl.gz
/usr/share/man/man7/RAND.7ssl.gz
/usr/share/man/man5/x509v3_config.5ssl.gz
/usr/share/man/man5/config.5ssl.gz
/usr/share/doc/libgomp1
/usr/share/doc/libstdc++6
/usr/share/doc/libgcc1
/usr/share/doc/base-files/README.FHS
/usr/share/doc/base-files/copyright
/usr/share/doc/base-files/changelog.gz
/usr/share/doc/base-files/FAQ
/usr/share/doc/base-files/README
/usr/share/doc/tzdata/changelog.Debian.gz
/usr/share/doc/tzdata/copyright
/usr/share/doc/tzdata/changelog.gz
/usr/share/doc/tzdata/README.Debian
/usr/share/doc/ca-certificates/copyright
/usr/share/doc/netbase/copyright
/usr/share/doc/netbase/changelog.gz
/usr/share/doc/liblzma5/AUTHORS
/usr/share/doc/liblzma5/changelog.Debian.gz
/usr/share/doc/liblzma5/copyright
/usr/share/doc/liblzma5/NEWS.gz
/usr/share/doc/liblzma5/changelog.gz
/usr/share/doc/liblzma5/THANKS
/usr/share/doc/python3.7-minimal/changelog.Debian.gz
/usr/share/doc/python3.7-minimal/copyright
/usr/share/doc/python3.7-minimal/README.Debian
/usr/share/doc/zlib1g/changelog.Debian.gz
/usr/share/doc/zlib1g/copyright
/usr/share/doc/zlib1g/changelog.gz
/usr/share/doc/libffi6/changelog.Debian.gz
/usr/share/doc/libffi6/copyright
/usr/share/doc/libtinfo6/changelog.Debian.gz
/usr/share/doc/libtinfo6/TODO.Debian
/usr/share/doc/libtinfo6/copyright
/usr/share/doc/libtinfo6/changelog.gz
/usr/share/doc/libtinfo6/FAQ
/usr/share/doc/libpython3.7-minimal/changelog.Debian.gz
/usr/share/doc/libpython3.7-minimal/copyright
/usr/share/doc/libpython3.7-minimal/README.Debian
/usr/share/doc/libbz2-1.0/changelog.Debian.gz
/usr/share/doc/libbz2-1.0/copyright
/usr/share/doc/libbz2-1.0/changelog.gz
/usr/share/doc/python3-distutils/changelog.Debian.gz
/usr/share/doc/python3-distutils/copyright
/usr/share/doc/python3-distutils/README.Debian
/usr/share/doc/libexpat1/AUTHORS
/usr/share/doc/libexpat1/changelog.Debian.gz
/usr/share/doc/libexpat1/copyright
/usr/share/doc/libexpat1/changelog.gz
/usr/share/doc/libsqlite3-0/changelog.Debian.gz
/usr/share/doc/libsqlite3-0/changelog.html.gz
/usr/share/doc/libsqlite3-0/copyright
/usr/share/doc/libsqlite3-0/changelog.gz
/usr/share/doc/libsqlite3-0/README.Debian
/usr/share/doc/dash/changelog.Debian.gz
/usr/share/doc/dash/NEWS.Debian.gz
/usr/share/doc/dash/copyright
/usr/share/doc/dash/changelog.gz
/usr/share/doc/dash/README.source
/usr/share/doc/dash/README.Debian.diet
/usr/share/doc/libmpdec2/changelog.Debian.gz
/usr/share/doc/libmpdec2/copyright
/usr/share/doc/libmpdec2/changelog.gz
/usr/share/doc/libssl1.1/changelog.Debian.gz
/usr/share/doc/libssl1.1/NEWS.Debian.gz
/usr/share/doc/libssl1.1/copyright
/usr/share/doc/libssl1.1/changelog.gz
/usr/share/doc/libreadline7/inputrc.arrows
/usr/share/doc/libreadline7/USAGE
/usr/share/doc/libreadline7/changelog.Debian.gz
/usr/share/doc/libreadline7/copyright
/usr/share/doc/libreadline7/changelog.gz
/usr/share/doc/libreadline7/README.Debian
/usr/share/doc/libreadline7/examples/Inputrc
/usr/share/doc/libdb5.3/changelog.Debian.gz
/usr/share/doc/libdb5.3/copyright
/usr/share/doc/libdb5.3/build_signature_amd64.txt
/usr/share/doc/libuuid1/changelog.Debian.gz
/usr/share/doc/libuuid1/copyright
/usr/share/doc/libuuid1/changelog.gz
/usr/share/doc/libc-bin/changelog.Debian.gz
/usr/share/doc/libc-bin/copyright
/usr/share/doc/libc-bin/changelog.gz
/usr/share/doc/libc6/changelog.Debian.gz
/usr/share/doc/libc6/NEWS.Debian.gz
/usr/share/doc/libc6/copyright
/usr/share/doc/libc6/NEWS.gz
/usr/share/doc/libc6/README.hesiod.gz
/usr/share/doc/libc6/changelog.gz
/usr/share/doc/libc6/README.Debian.gz
/usr/share/doc/openssl/fingerprints.txt
/usr/share/doc/openssl/changelog.Debian.gz
/usr/share/doc/openssl/README.ENGINE.gz
/usr/share/doc/openssl/NEWS.Debian.gz
/usr/share/doc/openssl/copyright
/usr/share/doc/openssl/NEWS.gz
/usr/share/doc/openssl/changelog.gz
/usr/share/doc/openssl/README.Debian
/usr/share/doc/openssl/FAQ
/usr/share/doc/openssl/README
/usr/share/doc/openssl/README.optimization
/usr/share/doc/openssl/HOWTO/keys.txt
/usr/share/doc/openssl/HOWTO/proxy_certificates.txt.gz
/usr/share/doc/openssl/HOWTO/certificates.txt.gz
Hi @shibukawa,
I think this makes sense. It's easy to exclude files. Here's an example. Contributions are highly appreciated!
It's easy to exclude files. Here's an example.
Sorry, I was wrong about this. The example was when using the pkg_tar rule. The container_image rule doesn't have a feature to exclude files added through the deb attribute.
Just a small note:
I've also came here through the python3-debian10 distroless image and noticed the /usr/share/doc and /usr/share/man directories that I also find useless. But then I examined the base-debian10 image and the dirs are there too. So this is not bound to python image.
