Do not persist tdnf cache in output container

Before this change when installing the new package into the container target tdnf is keeping a cache at /var/cache/tdnf in the new container's rootfs. This blows up the image size. As an example, before this change the go-md2man image from the docs is ~220MB, now it is ~47MB. Signed-off-by: Brian Goff <[email protected]>
Azure · Jan 16, 2024 · 9f6d24c · 9f6d24c
1 parent 15eec3a
commit 9f6d24c
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 9 deletions.
diff --git a/frontend/mariner2/handle_container.go b/frontend/mariner2/handle_container.go
@@ -208,9 +208,13 @@ rm -rf ` + rpmdbDir + `
 	worker := builderImg.
 		Run(
 			shArgs("/tmp/install.sh"),
-			marinerTdnfCache,
+			defaultMarinerTdnfCahe(),
 			llb.AddMount("/tmp/rpms", rpmDir, llb.SourcePath("/RPMS")),
 			llb.AddMount("/tmp/install.sh", installer, llb.SourcePath("install.sh")),
+			// Mount the tdnf cache into the workpath so that:
+			// 1. tdnf will use the cache
+			// 2. Repo data and packages are not left behind in the final image.
+			marinerTdnfCacheWithPrefix(workPath),
 		)
 
 	// This adds a mount to the worker so that all the commands are run with this mount added

diff --git a/frontend/mariner2/handle_depsonly.go b/frontend/mariner2/handle_depsonly.go
@@ -25,7 +25,7 @@ func handleDepsOnly(ctx context.Context, client gwclient.Client, spec *dalec.Spe
 
 	rpmDir := baseImg.Run(
 		shArgs(`set -ex; dir="/tmp/rpms/RPMS/$(uname -m)"; mkdir -p "${dir}"; tdnf install -y --releasever=2.0 --downloadonly --alldeps --downloaddir "${dir}" `+strings.Join(getRuntimeDeps(spec), " ")),
-		marinerTdnfCache,
+		defaultMarinerTdnfCahe(),
 	).
 		AddMount("/tmp/rpms", llb.Scratch())
 

diff --git a/frontend/mariner2/handle_rpm.go b/frontend/mariner2/handle_rpm.go
@@ -24,14 +24,24 @@ const (
 	toolchainImgRef       = "ghcr.io/azure/dalec/mariner2/toolchain:latest"
 	toolchainNamedContext = "mariner2-toolchain"
 
-	tookitRpmsCacheDir = "/root/.cache/mariner2-toolkit-rpm-cache"
-	cachedRpmsName     = "mariner2-toolkit-cached-rpms"
-	marinerToolkitPath = "/usr/local/toolkit"
+	tookitRpmsCacheDir  = "/root/.cache/mariner2-toolkit-rpm-cache"
+	cachedRpmsName      = "mariner2-toolkit-cached-rpms"
+	marinerToolkitPath  = "/usr/local/toolkit"
+	marinerTdnfCacheDir = "/var/cache/tdnf"
 )
 
-var (
-	marinerTdnfCache = llb.AddMount("/var/cache/tdnf", llb.Scratch(), llb.AsPersistentCacheDir("mariner2-tdnf-cache", llb.CacheMountShared))
-)
+func defaultMarinerTdnfCahe() llb.RunOption {
+	return marinerTdnfCacheWithPrefix("")
+}
+
+// marinerTdnfCacheWithPrefix returns a run option that sets up a persistent cache for tdnf.
+// The tdnf cache is mounted at `[prefix]/var/cache/tdnf`.
+//
+// This makes it so that when tdnf needs to download packages, repodata, etc it will use the cache dir.
+// Repeated builds will benefit from this as the cache will be reused.
+func marinerTdnfCacheWithPrefix(prefix string) llb.RunOption {
+	return llb.AddMount(filepath.Join(prefix, marinerTdnfCacheDir), llb.Scratch(), llb.AsPersistentCacheDir("mariner2-tdnf-cache", llb.CacheMountShared))
+}
 
 func handleRPM(ctx context.Context, client gwclient.Client, spec *dalec.Spec) (gwclient.Reference, *image.Image, error) {
 	baseImg, err := getBaseBuilderImg(ctx, client)
@@ -190,7 +200,7 @@ func specToRpmLLB(spec *dalec.Spec, getDigest getDigestFunc, baseImg llb.State,
 		dlCmd := `set -x; while read -r pkg; do tdnf install -y --alldeps --downloadonly --releasever=2.0 --downloaddir ` + cachedRpmsDir + ` ${pkg}; done < /tmp/deps`
 		work.Run(
 			shArgs(dlCmd),
-			marinerTdnfCache,
+			defaultMarinerTdnfCahe(),
 			llb.AddMount("/tmp/deps", depsFile, llb.SourcePath("deps")),
 			mainCachedRpmsMount,
 		)