slim icon indicating copy to clipboard operation
slim copied to clipboard

Published 20 hours ago verified publisher icon slimtoolkit

`slim build` doesn't generate optimized Dockerfile

Open anferico opened this issue 1 year ago • 3 comments

Expected Behavior

In addition to a minified Docker image, get an optimized Dockerfile that you can reuse to build new images.

Actual Behavior

The minified Docker image is created, but the optimized Dockerfile isn't. These are the only artifacts coming out of slim build:

  • my_docker_image-apparmor-profile
  • my_docker_image-seccomp.json
  • Dockerfile.fat
  • creport.json
  • files.tar

However, the optimized Dockerfile appears in slim build's logs:

cmd=build state=completed
cmd=build info=results status='MINIFIED' by='2.31X' size.original='18 GB' size.optimized='8.0 GB' 
cmd=build info=results image.name='my_docker_image' image.size='8.0 GB' has.data='true' 
cmd=build info=results artifacts.location='/tmp/slim-state/.slim-state/images/90bac9eb9682b042575a70af22e86057a94c09dd1bbbc52e1975954954e002d1/artifacts' 
cmd=build info=results artifacts.report='creport.json' 
cmd=build info=results artifacts.dockerfile.reversed='Dockerfile.fat' 
cmd=build info=results artifacts.dockerfile.optimized='Dockerfile' 
cmd=build info=results artifacts.seccomp='my_docker_image-seccomp.json' 
cmd=build info=results artifacts.apparmor='my_docker_image-apparmor-profile' 
cmd=build state=done

Steps to Reproduce the Problem

  1. Run slim xray on a Docker image to get a report.json file
  2. Run slim build passing report.json and targeting the Docker image you want to minify/optimize

Specifications

  • Version: linux|Transformer|1.40.4|d310b07567dc90763f5f27f94c618f057295b55d|2023-08-26_01:39:22AM
  • Platform: Ubuntu 20.04.5 LTS

anferico avatar Oct 11 '23 10:10 anferico

@anferico this is because the build engine parameter to create the minified image now defaults to the "internal" build engine that doesn't use Docker. The Dockerfile for the output image is present only then the output build engine needs it. You can verify it by looking at the "image_build_engine" field in the "slim.report.json" file, which should say "internal".

The next release will remove that console message to avoid the confusion.

Thanks for reporting this!

kcq avatar Oct 19 '23 19:10 kcq

@kcq Thanks for your reply 👍 I didn't understand whether it's possible to obtain an optimized Dockerfile or not though. Did I miss some important flags in the commands I ran? In fact, am I running the correct commands?

anferico avatar Oct 19 '23 20:10 anferico

@anferico you can still get the Dockerfile for the output/optimized image if you use the 'docker' build engine. You can use the --image-build-engine flag and set the flag value to docker. That Dockerfile isn't super interesting, but it might be nice to have it either way. A good enhancement might be creating a fake Dockerfile with the internal build engine.

kcq avatar Nov 18 '23 02:11 kcq