root/build-tools/build-docker-images/docker-image-postbuild
Davlet Panech e9e59e57e7 docker images: remove extra packages at the end
Remove extra OS and python packages from the generated images
as a post-build step. New options for the build recipes:
* POSTBUILD_REMOVE_OS_PACKAGES : which OS packages to remove.
  Default: python3-pip python-pip-whl
* POSTBUILD_REMOVE_PYTHON_PACKAGES : which pip3 packages to remove
  Default: pip
* POSTBUILD_COMMAND : arbitrary modification command
  Default: <none>

This is needed because some docker images include packages that are
required at build time, but not at runtime. This is a kludge to remove
them after building. A much better solution would be to re-write every
Dockerfile into a multi-stage build, so that the final image includes
only the software it needs.

DESIGN
==========================
After building, create and build a Dockerfile that inherits from the
image we are trying to modify, and:
* Reset USER to root
* RUN: remove the specified python packages, except ones owned by the
  package manager
* RUN: remove the specified OS packages
* RUN: execute arbitrary modification command configured in the build
  recipe
* Reset USER back to what it was in the base image
* If anything was removed or modified, retag the image

These actions are handled by a new stand-alone script:
  docker-image-postbuild.sh
and a number of helper scripts to be executed in the derived image.

TESTS
==========================
* Manually test the main script with various options
* Rebuild a few select StarlingX images and make sure the post-build
  script gets called
* Make sure overriding the config options in build recipes works as
  expected
* Manually execute the main post-build script on every StarlingX and
  StarlingX/Openstack image generated by Jenkins. Make sure the script
  succeeds in all of them.
* Manually ensure "pip" is removed at the end

LIMITATIONS
==========================

There are some exceptions/special cases:

* Some images are very minimal and don't include /bin/sh ; the main
  script ignores these with a warning
* Some images based on "foreign" distros leave multiple copies of pip
  behind and would require special handling in their own build recipes.
  Example: stx-ceph-manager.
* Only rpm and dpkg based distributions are supported for
  auto-removal. Alpine/apk only allows the removal of pip modules, and
  not apk packages. This may be fixed in a separate commit in the
  future.

Story: 2011452
Task: 52073

Signed-off-by: Davlet Panech <davlet.panech@windriver.com>
Change-Id: Idc75fc3a2b7fbc752d6997035e356314716c9609
2025-04-30 12:05:20 -04:00
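
The DESIGN steps from the commit message above, written out as an added example that is not the project's docker-image-postbuild.sh: a shell function that prints the derived Dockerfile. The function names, the ARG names PY and OS, the package-name validation and the ownership probe (asking rpm/dpkg about the package's metadata directory) are assumptions; images without /bin/sh are not handled here.

```shell
#!/bin/sh
# Added example; all names are hypothetical, not from docker-image-postbuild.sh.

# Accept only plain package names, so a recipe value cannot carry shell
# syntax into the build steps that run as root.
valid_names() {
    for n in "$@"; do
        case $n in ''|[!A-Za-z0-9]*|*[!A-Za-z0-9._+-]*) return 1 ;; esac
    done
}

# usage: gen_postbuild_dockerfile IMAGE [ORIG_USER]
# ORIG_USER comes from: docker inspect --format '{{.Config.User}}' IMAGE
gen_postbuild_dockerfile() (
    set -f  # no globbing while the package lists are word-split
    image=$1 user=${2:-root}
    # "-" (not ":-") so a recipe can set an empty list to disable a step
    os=${POSTBUILD_REMOVE_OS_PACKAGES-python3-pip python-pip-whl}
    py=${POSTBUILD_REMOVE_PYTHON_PACKAGES-pip}
    valid_names $os $py || { echo "bad package name" >&2; exit 1; }
    printf 'FROM %s\nUSER root\nARG PY="%s"\nARG OS="%s"\n' "$image" "$py" "$os"
    cat <<'EOF'
# pip packages first, while pip still exists; skip any whose metadata
# directory is owned by an rpm or dpkg package
RUN for p in $PY; do i=$(pip3 show "$p" 2>/dev/null) || continue; \
      d=$(echo "$i" | sed -n 's/^Location: //p'); \
      n=$(echo "$i" | sed -n 's/^Name: //p' | tr - _); \
      for m in "$d/$n"-*-info; do \
        rpm -qf "$m" >/dev/null 2>&1 || dpkg -S "$m" >/dev/null 2>&1 \
          && continue 2; \
      done; \
      pip3 uninstall -y "$p" || exit 1; \
    done
RUN for p in $OS; do \
      if command -v dpkg >/dev/null; then \
        ! dpkg -s "$p" >/dev/null 2>&1 || apt-get remove -y "$p" || exit 1; \
      elif command -v rpm >/dev/null; then \
        ! rpm -q "$p" >/dev/null 2>&1 || rpm -e "$p" || exit 1; \
      fi; \
    done
EOF
    [ -z "${POSTBUILD_COMMAND-}" ] || printf 'RUN %s\n' "$POSTBUILD_COMMAND"
    printf 'USER %s\n' "$user"
)
```

The output can be piped to `docker build -t <tag> -`, which reads the Dockerfile from stdin and needs no build context.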