kbs: shrink the size of docker image #417
5f3e414 to 58dece8
libsgx-dcap-default-qpl \ | ||
libsgx-dcap-quote-verify \ | ||
tpm2-tools; fi | ||
|
||
# Intel PCCS URL Configurations |
May I ask a rationale for removing this? I don't think the removal has nothing to do with reducing an image size (because it is just environment variable declaration and string replacement). Thanks!
Yeah, it has nothing to do with the topic. Originally, I thought this code was actually useless. Most people who use KBS would mount this file instead of hardcoding it during the image building phase. I just deleted these lines by the way; let me set this piece of content as a separate commit, and then collect more opinions to see if we should keep it.
lgtm. thanks.
I think `tpm2-tools` can be replaced by `libtss2-tctildr0` + `libtss2-esys-3.0.2`, if that saves some more space
Thanks for the pointers. I just tested locally; it would be a little bigger
|
RUN if [ "${ARCH}" = "x86_64" ]; then apt-get install -y --no-install-recommends \ | ||
gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg && \ | ||
echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/intel-sgx.gpg] https://download.01.org/intel-sgx/sgx_repo/ubuntu jammy main' | tee /etc/apt/sources.list.d/intel-sgx.list && \ | ||
apt-get update && \ |
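Review bot: the `gpg --dearmor --output /usr/share/keyrings/intel-sgx.gpg` line writes whatever key it receives into the keyring that the `signed-by=` entry on the next line trusts, and no fingerprint check is visible between the two. Comparing the key's fingerprint with a value pinned in the Dockerfile before `apt-get update` would make the build fail if the downloaded key ever differs.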
it is also possible to uninstall `gnupg-agent` and `curl` at this point..
yes it also deletes about ~3 MB in size. Let me repush
There is an issue on pulling an image `mcr.microsoft.com/hello-world` on s390x. It looks like a load balancer for the Microsoft registry is unstable so that the runner was able to pull the image with 10% success ratio (see confidential-containers/trustee#417). It is not reasonable to let the test run under the unstable environment. This commit skips the tests at image.rs for the platform.
Signed-off-by: Hyounggyu Choi <[email protected]>
58dece8 to e533bfc
LGTM
After this patch, the image size will be ~215MB
Close confidential-containers#416
Signed-off-by: Xynnn007 <[email protected]>

Users would like to mount a sgx_qcnl_default.conf to container rather than determine a static one at build time.
Signed-off-by: Xynnn007 <[email protected]>
e533bfc to 323284f
+1
After this patch, the image size will be ~215MB
Close #416