Removing what was added in previous layer in docker

Question

I'm trying to reduce the size of my docker image. In my docker file, I do this:

FROM crystal/centos
MAINTAINER crystal

ADD ./rpms/test.rpm ./rpms/ 
RUN yum -y --nogpgcheck localinstall /rpms/test.rpm

from what I understand, the ADD command is in its own layer, and then RUN is in another layer. So after I install the rpm, how do I go about deleting the initial /rpms directory.

score 9 · Accepted Answer · answered Oct 28 '14 at 17:38

9

use this technique

RUN curl http://someaddress/test.rpm &&\
    yum -y --nogpgcheck localinstall /rpms/test.rpm &&\
    rm test.rpm

answered Oct 28 '14 at 17:38

Montells

6,389
4
48
53

2

You can just RUN yum -y install http://someaddress/test.rpm if the rpm is hosted somewhere. – seanmcl Oct 28 '14 at 20:08
My situation is that - due to security reasons I am downloading the packages in the intermediate layer. Then, ADD'ing them to the final image. Followed by using RUN command to install the packages and delete the packages. My goal is to delete the downloaded packages once the RUN command installs them. Is there any way to a) combine the ADD and RUN into one layer; b) remove the ADD layer? – variable Jun 03 '20 at 08:46

Thomasleveil · Answer 2 · 2017-11-08T18:52:00.573

4

you cannot remove data from previous layers. If the /rpms/ folder is huge and you absolutely don't want its data in your docker image you have at least two solutions:

do not ADD the data (since it will commit a layer), instead use a single RUN instruction to:
- download the rpm file
- install the rpm file
- delete the rpm file
flatten your image afterwards

edited Nov 08 '17 at 18:52

answered Oct 28 '14 at 16:48

Thomasleveil

95,867
15
119
113

score 1 · Answer 3 · answered Oct 28 '14 at 16:31

You can do

RUN rm -rf /rpms

which will make the ultimate union file system smaller. That is, df will report less usage. It will not of course make the image database smaller, but rather very slightly larger. If you want to avoid making your database larger, you can create your own yum repository and install directly from there. This has the obvious downside that it will not be reproducible by anyone without access to your yum repo.

score 1 · Answer 4 · edited May 23 '17 at 11:53

In question about mounting docker image to host filesystem I've covered some internal structure of how docker stores their images. You can refer this question Is it possible to mount a docker image and then access it (RO) as a normal directory or mounted device?

In case of AUFS graph driver, docker (at least in version 1.2 or later) does:

Store container layers in directory /var/lib/docker/aufs/diff
Keep list of layers which container consists of in simple text file /var/lib/docker/aufs/layers/${CONTAINER_ID}.

So, if you desire to delete some intermediate layer from your container, you may try to delete particular line from /var/lib/docker/aufs/layers/${CONTAINER_ID} and then remove corresponding directory from /var/lib/docker/aufs/diff/.

NOTE: I didn't try this. This may doesn't work for you, or even may be dangerous.

The major problem will be that the layer will be restored each time the image is built. I have to say IMO it is dangerous and generally a bad idea to play with the filesystem like this. — Adrian Mouat, Oct 28 '14 at 17:54

Removing what was added in previous layer in docker

4 Answers4