Smaller Debian Docker tips - apt lists

One of the hidden gems of GitHub is Jess Frazelle’s Dockerfiles Repo, a collection of Dockerfiles for applications she runs in containers to keep her desktop clean and minimal. While reading the NMap Dockerfile I noticed a little bit of shell I’d not seen before.

I’ve included the file itself below. The line in question is && rm -rf /var/lib/apt/lists/*, a tiny bit of shell that does some additional cleanup once apt has installed the required packages.

FROM debian:stretch
LABEL maintainer "Jessie Frazelle <jess@linux.com>"

RUN apt-get update && apt-get install -y \
	nmap \
	--no-install-recommends \
	&& rm -rf /var/lib/apt/lists/*

ENTRYPOINT [ "nmap" ]

Curiosity got the best of me and I decided to see how much of a saving that line provides. First I built the Docker image as Jess intended:

sudo docker build -t nmap-rm-lists -f Dockerfile-rm-lists .

> sudo docker images
REPOSITORY           TAG      IMAGE ID       CREATED             SIZE
nmap-rm-lists        latest   9a4a697649f9   10 seconds ago      131.1 MB

As you can see in the output this creates an image 131.1 MB in size. If we remove the rm line (and the \ continuation character from the line above) and rebuild the image we should see a larger image.

sudo docker build -t nmap-with-apt-lists -f Dockerfile-with-apt-lists .

...

> sudo docker images
REPOSITORY           TAG      IMAGE ID       CREATED              SIZE
nmap-with-apt-lists  latest   d8459f6f2b93   About a minute ago   146.6 MB

And indeed we do, the image is just over 10% larger without that little optimisation. That’s going to be quite a nice saving over a few dozen container images. While looking through some of the other code in that repo I saw mention of a debian:stretch-slim image so I thought it was worth running an additional experiment with it as the base. Making the small change from FROM debian:stretch to FROM debian:stretch-slim in our Dockerfile, with the rm -rf /var/lib/apt/lists/* command also present, results in a much smaller image at just 86 MB

> sudo docker images
REPOSITORY           TAG      IMAGE ID       CREATED             SIZE
nmap-rm-lists-slim   latest   8fa72fad3929   About a minute ago  86.78 MB

For completeness (Hi Wes!) if we leave the lists in and use the debian:stretch- slim image we have a significantly larger image at 102 MB. This helps show that even with smaller base image the removal of the apt list files is still well worth it.


REPOSITORY             TAG      IMAGE ID      CREATED        SIZE
nmap-with-lists-slim   latest   26e65d974ae6  8 seconds ago  102.2 MB

While an Alpine image would be even smaller it’s nice to see this kind of size saving on Debian based images that look a lot closer to what I’d normally run in my VMs.