How to reduce size by removing dubious dependencies?

eggbean

I'm pleased with the solution triggercmd provides me and I want to package it up in a Docker container for security and convenience, along with some associated software I am using it with.

I have been intending to make an image compiling triggercmdagent using Alpine Linux as a base, to make it as tiny as possible, but because the resulting image is so many times larger than even a full OS container, this seems pointless. At 1GB, it's the largest docker container I am running, when I would have expected it to be one of the smallest.

I know node.js itself is pretty large, but even starting with a minimal base Debian image, a large number of libraries get installed, along with a lot of things that seem irrelevant. Can any of this be removed?

This is the relevant parts of the current draft of the Dockerfile:

FROM node:current-buster-slim

ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get -y update && apt-get -y upgrade
RUN apt-get install -y apt-utils wget
RUN wget -q https://s3.amazonaws.com/triggercmdagents/triggercmdagent_1.0.1_amd64.deb
RUN apt-get install -y ./triggercmdagent_1.0.1_amd64.deb && rm triggercmdagent_1.0.1_amd64.deb
RUN apt-get autoremove

CMD node /usr/lib/triggercmdagent/resources/app/src/agent.js --console

And these are all the triggercmdagent dependencies which get installed:

adwaita-icon-theme aspell aspell-en at-spi2-core cpp cpp-8 dbus
dbus-user-session dconf-gsettings-backend dconf-service dictionaries-common
dirmngr dmsetup emacsen-common fontconfig fontconfig-config
fonts-dejavu-core gconf-service gconf2-common glib-networking
glib-networking-common glib-networking-services gnupg gnupg-l10n gnupg-utils
gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm
gsettings-desktop-schemas gtk-update-icon-cache hicolor-icon-theme
hunspell-en-us i965-va-driver intel-media-va-driver kactivities-bin
kactivitymanagerd kde-cli-tools kde-cli-tools-data kio kpackagelauncherqml
kpackagetool5 krb5-locales kwayland-data kwayland-integration liba52-0.7.4
libaa1 libaacs0 libaom0 libapparmor1 libarchive13 libargon2-1 libaribb24-0
libasound2 libasound2-data libaspell15 libass9 libassuan0 libasyncns0
libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0
libauthen-sasl-perl libavahi-client3 libavahi-common-data libavahi-common3
libavc1394-0 libavcodec58 libavformat58 libavutil56
libbasicusageenvironment1 libbdplus0 libbluray2 libbsd0 libcaca0
libcairo-gobject2 libcairo2 libcap2 libcddb2 libchromaprint1 libcodec2-0.8.1
libcolord2 libcroco3 libcryptsetup12 libcrystalhd3 libcups2
libdata-dump-perl libdatrie1 libdbus-1-3 libdbus-glib-1-2 libdbusmenu-qt5-2
libdc1394-22 libdca0 libdconf1 libdevmapper1.02.1 libdouble-conversion1
libdrm-amdgpu1 libdrm-common libdrm-intel1 libdrm-nouveau2 libdrm-radeon1
libdrm2 libdvbpsi10 libdvdnav4 libdvdread4 libebml4v5 libedit2 libegl-mesa0
libegl1 libelf1 libencode-locale-perl libepoxy0 libevdev2 libexpat1 libfaad2
libfam0 libfile-basedir-perl libfile-desktopentry-perl libfile-listing-perl
libfile-mimeinfo-perl libflac8 libfont-afm-perl libfontconfig1 libfontenc1
libfreetype6 libfribidi0 libgbm1 libgconf-2-4 libgdbm-compat4 libgdbm6
libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgl1
libgl1-mesa-dri libglapi-mesa libgles2 libglib2.0-0 libglib2.0-data
libglvnd0 libglx-mesa0 libglx0 libgme0 libgomp1 libgpgme11 libgpgmepp6
libgpm2 libgraphite2-3 libgroupsock8 libgsm1 libgssapi-krb5-2 libgtk-3-0
libgtk-3-bin libgtk-3-common libgudev-1.0-0 libharfbuzz0b libhfstospell10
libhtml-form-perl libhtml-format-perl libhtml-parser-perl
libhtml-tagset-perl libhtml-tree-perl libhttp-cookies-perl
libhttp-daemon-perl libhttp-date-perl libhttp-message-perl
libhttp-negotiate-perl libhunspell-1.7-0 libice6 libicu63 libidn11
libigdgmm5 libinput-bin libinput10 libio-html-perl libio-socket-ssl-perl
libio-stringy-perl libip4tc0 libipc-system-simple-perl libisl19 libixml10
libjbig0 libjpeg62-turbo libjson-c3 libjson-glib-1.0-0
libjson-glib-1.0-common libk5crypto3 libkate1 libkeyutils1 libkf5activities5
libkf5archive5 libkf5attica5 libkf5auth-data libkf5auth5 libkf5codecs-data
libkf5codecs5 libkf5completion-data libkf5completion5 libkf5config-bin
libkf5config-data libkf5configcore5 libkf5configgui5
libkf5configwidgets-data libkf5configwidgets5 libkf5coreaddons-data
libkf5coreaddons5 libkf5crash5 libkf5dbusaddons-bin libkf5dbusaddons-data
libkf5dbusaddons5 libkf5declarative-data libkf5declarative5 libkf5doctools5
libkf5globalaccel-bin libkf5globalaccel-data libkf5globalaccel5
libkf5globalaccelprivate5 libkf5guiaddons5 libkf5i18n-data libkf5i18n5
libkf5iconthemes-bin libkf5iconthemes-data libkf5iconthemes5 libkf5idletime5
libkf5itemviews-data libkf5itemviews5 libkf5jobwidgets-data
libkf5jobwidgets5 libkf5kcmutils-data libkf5kcmutils5 libkf5kiocore5
libkf5kiontlm5 libkf5kiowidgets5 libkf5notifications-data
libkf5notifications5 libkf5package-data libkf5package5 libkf5pty-data
libkf5pty5 libkf5quickaddons5 libkf5service-bin libkf5service-data
libkf5service5 libkf5solid5 libkf5solid5-data libkf5sonnet5-data
libkf5sonnetcore5 libkf5sonnetui5 libkf5su-bin libkf5su-data libkf5su5
libkf5textwidgets-data libkf5textwidgets5 libkf5wallet-bin libkf5wallet-data
libkf5wallet5 libkf5waylandclient5 libkf5widgetsaddons-data
libkf5widgetsaddons5 libkf5windowsystem-data libkf5windowsystem5
libkf5xmlgui-bin libkf5xmlgui-data libkf5xmlgui5 libkmod2 libkrb5-3
libkrb5support0 libksba8 libkwalletbackend5-5 libkworkspace5-5 liblcms2-2
libldap-2.4-2 libldap-common liblirc-client0 liblivemedia64 libllvm7
liblua5.2-0 liblwp-mediatypes-perl liblwp-protocol-https-perl libmad0
libmailtools-perl libmatroska6v5 libmp3lame0 libmpc3 libmpcdec6 libmpeg2-4
libmpfr6 libmpg123-0 libmtdev1 libmtp-common libmtp-runtime libmtp9
libmysofa0 libncurses6 libnet-dbus-perl libnet-http-perl
libnet-smtp-ssl-perl libnet-ssleay-perl libnfs12 libnotify4 libnpth0
libnspr4 libnss-systemd libnss3 libnuma1 libogg0 libopenjp2-7
libopenmpt-modplug1 libopenmpt0 libopus0 libpam-systemd libpango-1.0-0
libpangocairo-1.0-0 libpangoft2-1.0-0 libpciaccess0 libpcre2-16-0
libperl5.28 libphonon4qt5-4 libpixman-1-0 libplacebo7 libpng16-16
libpolkit-agent-1-0 libpolkit-gobject-1-0 libpolkit-qt5-1-1 libpostproc55
libprotobuf-lite17 libproxy-tools libproxy1v5 libpulse-mainloop-glib0
libpulse0 libqt5core5a libqt5dbus5 libqt5gui5 libqt5network5
libqt5printsupport5 libqt5qml5 libqt5quick5 libqt5quickwidgets5
libqt5script5 libqt5sql5 libqt5sql5-sqlite libqt5svg5 libqt5texttospeech5
libqt5waylandclient5 libqt5waylandcompositor5 libqt5widgets5
libqt5x11extras5 libqt5xml5 libraw1394-11 libreadline7 libresid-builder0c2a
librest-0.7-0 librsvg2-2 librsvg2-common libsamplerate0 libsasl2-2
libsasl2-modules libsasl2-modules-db libsdl-image1.2 libsdl1.2debian
libsecret-1-0 libsecret-common libsensors-config libsensors5 libshine3
libshout3 libsidplay2 libslang2 libsm6 libsnappy1v5 libsndfile1 libsndio7.0
libsoup-gnome2.4-1 libsoup2.4-1 libsoxr0 libspatialaudio0 libspeex1
libspeexdsp1 libsqlite3-0 libssh-gcrypt-4 libssh2-1 libswresample3
libswscale5 libtag1v5 libtag1v5-vanilla libtext-iconv-perl libthai-data
libthai0 libtheora0 libtie-ixhash-perl libtiff5 libtimedate-perl
libtry-tiny-perl libtwolame0 libupnp13 liburi-perl libusageenvironment3
libusb-1.0-0 libva-drm2 libva-wayland2 libva-x11-2 libva2 libvdpau-va-gl1
libvdpau1 libvlc-bin libvlc5 libvlccore9 libvoikko1 libvorbis0a
libvorbisenc2 libvorbisfile3 libvpx5 libvulkan1 libwacom-bin libwacom-common
libwacom2 libwavpack1 libwayland-client0 libwayland-cursor0 libwayland-egl1
libwayland-server0 libwebp6 libwebpmux3 libwrap0 libwww-perl
libwww-robotrules-perl libx11-6 libx11-data libx11-protocol-perl libx11-xcb1
libx264-155 libx265-165 libxau6 libxaw7 libxcb-dri2-0 libxcb-dri3-0
libxcb-glx0 libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-present0
libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 libxcb-shm0
libxcb-sync1 libxcb-util0 libxcb-xfixes0 libxcb-xinerama0 libxcb-xkb1
libxcb-xv0 libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxdmcp6 libxext6
libxfixes3 libxft2 libxi6 libxinerama1 libxkbcommon-x11-0 libxkbcommon0
libxml-parser-perl libxml-twig-perl libxml-xpathengine-perl libxml2 libxmu6
libxmuu1 libxpm4 libxrandr2 libxrender1 libxshmfence1 libxslt1.1 libxss1
libxt6 libxtst6 libxv1 libxvidcore4 libxxf86dga1 libxxf86vm1 libzvbi-common
libzvbi0 media-player-info mesa-va-drivers mesa-vdpau-drivers netbase
notification-daemon perl perl-modules-5.28 perl-openssl-defaults phonon4qt5
phonon4qt5-backend-vlc pinentry-curses qt5-gtk-platformtheme
qttranslations5-l10n qtwayland5 readline-common sensible-utils
shared-mime-info sonnet-plugins sudo systemd systemd-sysv triggercmdagent
ucf udev va-driver-all vdpau-driver-all vlc-data vlc-plugin-base
vlc-plugin-video-output x11-common x11-utils x11-xserver-utils xdg-user-dirs
xdg-utils xkb-data

Hunspell and aspell dictionaries, X11, VLC and GUI stuff, etc... Is it possible to strip this down?

Thanks.

eggbean

Duh, I wasn't using the GUI-less version of the agent. Correcting that and removing npm has reduced the size to 570MB, which is much better, but still rather large.

FROM node:current-buster-slim

ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get -y update && apt-get -y upgrade
RUN apt-get -y install wget npm
RUN wget -q https://s3.amazonaws.com/triggercmdagents/triggercmdagent_1.0.1_all.deb
RUN apt-get -y install ./triggercmdagent_1.0.1_all.deb && rm triggercmdagent_1.0.1_all.deb
RUN apt-get -y remove npm wget && apt-get -y autoremove

CMD node /usr/lib/triggercmdagent/resources/app/src/agent.js --console

Russ

@eggbean, good idea using the GUI-less version.

What's your use case? I'm curious.

eggbean

@Russ Hi, I have reduced the layering and now at 292MB it's only a more reasonable 111MB bigger than the base Node image.

FROM node:current-buster-slim

ARG DEBIAN_FRONTEND=noninteractive
RUN BUILD_DEPS=" \
        wget \
        npm" \
        && apt-get -y update && apt-get -y upgrade \
        && apt-get -y install ${BUILD_DEPS} \
        && wget -q https://s3.amazonaws.com/triggercmdagents/triggercmdagent_1.0.1_all.deb \
        && apt-get -y install ./triggercmdagent_1.0.1_all.deb && rm triggercmdagent_1.0.1_all.deb \
        && apt-get -y remove ${BUILD_DEPS} && apt-get -y autoremove

CMD node /usr/lib/triggercmdagent/resources/app/src/agent.js --console

I'm using this to run a script which takes the dynamic IP address from my phone and opens a /24 or /23 address range in the Google Cloud firewall (using a restricted API account) for one hour, so I can connect to my bastion host when tethering my laptop to my phone's internet connection (the IP address keeps changing, hence the IP range). I have an Alexa app on my phone called Reverb which runs when long-pressing one of the main buttons. I'll do the same for AWS and make a blog post about it.

I'm assuming npm is not needed when running triggercmd? I've not got around to adding the other stuff yet.

Cheers!

Russ

@eggbean, man that is brilliant! Nice job. I can't wait to read that blog post. I might want to do something similar.

You don't need npm to run the agent. It's useful for installing the dependencies but it makes sense to remove it after.

Thanks for sharing.