Message ID | 20230224172915.39675-1-anthony.perard@citrix.com (mailing list archive) |
---|---|
Series | automation: Update containers to allow HTTPS access to xenbits |
On 24/02/2023 5:29 pm, Anthony PERARD wrote:
> Patch series available in this git branch:
> https://xenbits.xen.org/git-http/people/aperard/xen-unstable.git br.gitlab-containers-update-v3
>
> v3:
> - new patch which removes non-debug x86_32 builds
> - don't fix root certificates in jessie containers as those won't be used
>   anymore on the main branch.
>
> v2:
> - Remove CentOS 7.2
> - Remove Debian Jessie test, but update container recipe for the benefit of
>   older branches.
> - Fix CentOS 7 container recipe to update all packages. (Fix missing update of
>   HTTPS root certificates)
>
> There is work in progress [1] to update urls in our repo to use https, but
> those https urls to xenbits don't work in our containers, due to an expired
> root certificate. So we need to update those containers.
>
> This series updates the dockerfile where just rebuilding the container isn't enough.

LGTM.

Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

I'll add this to my commit sweep, and rebuild the remaining containers.

But on that note, I noticed that the debian unstable container was 2.3G
when I last rebuilt it. Which I think is obscenely large for what we're
doing.

Can we see about switching to slim/tiny container bases?

~Andrew

On Fri, Feb 24, 2023 at 05:37:44PM +0000, Andrew Cooper wrote:
> On 24/02/2023 5:29 pm, Anthony PERARD wrote:
> > Patch series available in this git branch:
> > https://xenbits.xen.org/git-http/people/aperard/xen-unstable.git br.gitlab-containers-update-v3
> >
> > v3:
> > - new patch which removes non-debug x86_32 builds
> > - don't fix root certificates in jessie containers as those won't be used
> >   anymore on the main branch.
> >
> > v2:
> > - Remove CentOS 7.2
> > - Remove Debian Jessie test, but update container recipe for the benefit of
> >   older branches.
> > - Fix CentOS 7 container recipe to update all packages. (Fix missing update of
> >   HTTPS root certificates)
> >
> > There is work in progress [1] to update urls in our repo to use https, but
> > those https urls to xenbits don't work in our containers, due to an expired
> > root certificate. So we need to update those containers.
> >
> > This series updates the dockerfile where just rebuilding the container isn't enough.
>
> LGTM.
>
> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
>
> I'll add this to my commit sweep, and rebuild the remaining containers.
>
> But on that note, I noticed that the debian unstable container was 2.3G
> when I last rebuilt it. Which I think is obscenely large for what we're
> doing.
>
> Can we see about switching to slim/tiny container bases?

I don't think that would help much, the non-slim container is only 116MB
vs 74.6MB for the slim (amd64 containers). But maybe we could try to use
"--no-install-recommends", that might save a few bytes in our containers.

Cheers,

On 24/02/2023 6:12 pm, Anthony PERARD wrote:
> On Fri, Feb 24, 2023 at 05:37:44PM +0000, Andrew Cooper wrote:
>> On 24/02/2023 5:29 pm, Anthony PERARD wrote:
>>> Patch series available in this git branch:
>>> https://xenbits.xen.org/git-http/people/aperard/xen-unstable.git br.gitlab-containers-update-v3
>>>
>>> v3:
>>> - new patch which removes non-debug x86_32 builds
>>> - don't fix root certificates in jessie containers as those won't be used
>>>   anymore on the main branch.
>>>
>>> v2:
>>> - Remove CentOS 7.2
>>> - Remove Debian Jessie test, but update container recipe for the benefit of
>>>   older branches.
>>> - Fix CentOS 7 container recipe to update all packages. (Fix missing update of
>>>   HTTPS root certificates)
>>>
>>> There is work in progress [1] to update urls in our repo to use https, but
>>> those https urls to xenbits don't work in our containers, due to an expired
>>> root certificate. So we need to update those containers.
>>>
>>> This series updates the dockerfile where just rebuilding the container isn't enough.
>> LGTM.
>>
>> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
>>
>> I'll add this to my commit sweep, and rebuild the remaining containers.
>>
>> But on that note, I noticed that the debian unstable container was 2.3G
>> when I last rebuilt it. Which I think is obscenely large for what we're
>> doing.
>>
>> Can we see about switching to slim/tiny container bases?
> I don't think that would help much, the non-slim container is only 116MB
> vs 74.6MB

That's 64% smaller to start with...

> for the slim (amd64 containers). But maybe we could try to use
> "--no-install-recommends", that might save a few bytes in our containers.

Oh wow - yeah.

For buster-gcc-ibt (which is already slim), we're getting:

Suggested packages:
  binutils-doc bison-doc bzip2-doc cpp-doc gcc-8-locales dbus-user-session
  libpam-systemd pinentry-gnome3 tor debian-keyring flex-doc g++-multilib
  g++-8-multilib gcc-8-doc libstdc++6-8-dbg autoconf automake libtool gdb
  gcc-doc libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan5-dbg
  liblsan0-dbg libtsan0-dbg libubsan1-dbg libmpx2-dbg libquadmath0-dbg
  parcimonie xloadimage scdaemon glibc-doc sensible-utils git bzr gdbm-l10n
  gmp-doc libgmp10-doc libmpfr-doc
  libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal
  libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql
  libstdc++-8-doc m4-doc make-doc man-browser ed diffutils-doc perl-doc
  libterm-readline-gnu-perl | libterm-readline-perl-perl libb-debug-perl
  liblocale-codes-perl pinentry-doc readline-doc

which is a whole bunch of junk we absolutely do not need.

~Andrew
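
An added example, not part of the thread and not taken from the Xen automation recipes: a slim Debian recipe that installs with "--no-install-recommends" while keeping the HTTPS trust store the series is concerned with. The base image tag and the package list are assumptions chosen for illustration.

```dockerfile
# Added example; the base image tag and package list are assumptions,
# not the project's own container recipe.
FROM debian:bookworm-slim

ENV DEBIAN_FRONTEND=noninteractive

# --no-install-recommends skips Recommends. ca-certificates is typically
# pulled in only as a Recommends (for example of wget), so it has to be
# named explicitly or HTTPS certificate verification fails in the image.
RUN apt-get update && \
    apt-get --quiet --yes install --no-install-recommends \
        build-essential \
        ca-certificates \
        git \
        wget \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

# Fail the image build early if the installed root certificates cannot
# validate the HTTPS host discussed in the thread.
RUN wget --quiet --output-document=/dev/null https://xenbits.xen.org/
```

The final RUN step needs network access at build time; without it, a missing or stale trust store only shows up later when a CI job first fetches over HTTPS.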