Docker: T7253: remove Kernel build dependencies to shrink container image

Move the Kernel build dependencies to package.toml to unbload the build container even more.
2025-10-01 20:28:40 +02:00 · 2025-05-12 18:15:05 +02:00 · 2025-05-12 18:15:05 +02:00 · 73df823da1
commit 73df823da1
parent 63f3ae10b0
4 changed files with 58 additions and 56 deletions
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -88,7 +88,8 @@ RUN apt-get update && apt-get install -y \
      po4a \
      openssh-client \
      jq \
-      socat
+      socat \
+      python-is-python3

 # Packages needed for vyos-build
 RUN apt-get update && apt-get install -y \
@ -198,34 +199,7 @@ RUN wget https://salsa.debian.org/klausenbusk-guest/debootstrap/commit/a9a603b17
    dpkg-buildpackage -us -uc && \
    sudo dpkg -i ../debootstrap*.deb

-# Packages needed for Linux Kernel
-# cmake required by accel-ppp
-RUN apt-get update && apt-get install -y \
-      cmake \
-      gnupg2 \
-      rsync \
-      libelf-dev \
-      libncurses5-dev \
-      flex \
-      bison \
-      bc \
-      kmod \
-      cpio \
-      python-is-python3 \
-      dwarves \
-      nasm \
-      rdfind
-
-# Packages needed for Intel QAT out-of-tree drivers
 # FPM is used when generation Debian pckages for e.g. Intel QAT drivers
-RUN apt-get update && apt-get install -y \
-      pciutils \
-      yasm \
-      ruby \
-      libudev-dev \
-      ruby-dev \
-      rubygems \
-      build-essential
 RUN gem install --no-document fpm

 # Packages needed for vyos-1x
@ -322,12 +296,6 @@ RUN if dpkg-architecture -iarm64; then \
      grub-efi-arm; \
    fi

-# Packages needed for openvpn-otp
-RUN apt-get update && apt-get install -y \
-      debhelper \
-      libssl-dev \
-      openvpn
-
 # Packages needed for OWAMP/TWAMP (service sla)
 RUN git clone -b 4.4.6 https://github.com/perfsonar/i2util.git /tmp/i2util && \
      cd /tmp/i2util && \
@ -340,30 +308,11 @@ RUN apt-get update && apt-get install -y \
      udev \
      zip

-# Packages needed for Accel-PPP
-# XXX: please note that this must be installed after nftable dependencies - otherwise
-# APT will remove liblua5.3-dev which breaks the Accel-PPP build
-# With bookworm, updated to libssl3 (Note: https://github.com/accel-ppp/accel-ppp/issues/68)
-RUN apt-get update && apt-get install -y \
-      liblua5.3-dev \
-      libssl3 \
-      libssl-dev \
-      libpcre3-dev
-
 # debmake: a native Debian tool for preparing sources for packaging
 RUN apt-get update && apt-get install -y \
      debmake \
      python3-debian

-# Packages for jool
-RUN apt-get update && apt-get install -y \
-      libnl-genl-3-dev \
-      libxtables-dev
-
-# Packages needed for nftables
-RUN apt-get update && apt-get install -y \
-      asciidoc-base
-
 # Allow password-less 'sudo' for all users in group 'sudo'
 RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \
    echo "vyos_bld\tALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
--- a/scripts/package-build/linux-kernel/build.py
+++ b/scripts/package-build/linux-kernel/build.py
@ -37,6 +37,7 @@ def ensure_dependencies(dependencies: list) -> None:
        return

    print("I: Ensure Debian build dependencies are met")
+    run(['sudo', 'apt-get', 'update'], check=True)
    run(['sudo', 'apt-get', 'install', '-y'] + dependencies, check=True)


@ -112,9 +113,6 @@ def build_package(package: dict, dependencies: list) -> None:
        # Clone or update the repository
        #clone_or_update_repo(repo_dir, package['scm_url'], package['commit_id'])

-        # Ensure dependencies
-        #ensure_dependencies(dependencies)
-
        # Prepare the package if required
        #if package.get('prepare_package', False):
        #    prepare_package(repo_dir, package.get('install_data', ''))
@ -275,6 +273,11 @@ if __name__ == '__main__':
    with open(defaults_path, 'r') as file:
        defaults = toml.load(file)

+    # Load global dependencies
+    global_dependencies = config.get('dependencies', {}).get('packages', [])
+    if global_dependencies:
+        ensure_dependencies(global_dependencies)
+
    packages = config['packages']

    # Filter packages if specific packages are specified in the arguments
--- a/scripts/package-build/linux-kernel/package.toml
+++ b/scripts/package-build/linux-kernel/package.toml
@ -81,3 +81,45 @@ name = "ipt-netflow"
 commit_id = "0eb2092e93"
 scm_url = "https://github.com/aabc/ipt-netflow"
 build_cmd = "build_ipt_netflow"
+
+[dependencies]
+packages = [
+    "cmake",
+    "gnupg2",
+    "rsync",
+    "libelf-dev",
+    "libncurses5-dev",
+    "flex",
+    "bison",
+    "bc",
+    "kmod",
+    "cpio",
+    "dwarves",
+    "nasm",
+    "rdfind",
+    "pciutils",
+    "yasm",
+    "libudev-dev",
+    "ruby",
+    "ruby-dev",
+    "rubygems",
+    "build-essential",
+    "libdw-dev",
+    "libunwind-dev",
+    "systemtap-sdt-dev",
+    "libslang2-dev",
+    "python-dev-is-python3",
+    "libzstd-dev",
+    "libcap-dev",
+    "libnuma-dev",
+    "libbabeltrace-ctf-dev",
+    "libpfm4-dev",
+    "libtraceevent-dev",
+    "liblua5.3-dev",
+    "libssl3",
+    "libssl-dev",
+    "libpcre3-dev",
+    "libnl-genl-3-dev",
+    "libxtables-dev",
+    "asciidoc-base"
+]
--- a/scripts/package-build/openvpn-otp/package.toml
+++ b/scripts/package-build/openvpn-otp/package.toml
@ -17,3 +17,11 @@ fpm --input-type dir --output-type deb --name openvpn-otp \
    --depends openvpn --architecture $(dpkg --print-architecture) \
    --version $(git describe --tags --always | cut -c2-) --deb-compression gz usr
 """
+
+
+[dependencies]
+packages = [
+  "debhelper",
+  "libssl-dev",
+  "openvpn"
+]