We want to stop systemd from being added to docker images, because of rpm requiring systemctl.
mzerqung at 0pointer.de
Tue Apr 29 16:14:39 UTC 2014
On Tue, 29.04.14 18:03, Alexander Larsson (alexl at redhat.com) wrote:
> On tis, 2014-04-29 at 17:40 +0200, Lennart Poettering wrote:
> > On Tue, 29.04.14 16:58, Alexander Larsson (alexl at redhat.com) wrote:
> > > On tis, 2014-04-29 at 12:33 +0200, Lennart Poettering wrote:
> > > > On Mon, 28.04.14 17:01, Daniel J Walsh (dwalsh at redhat.com) wrote:
> > > >
> > > > > The problem is lots of services require systemd because they ship a
> > > > > unit file and want systemctl reload to happen. Systemd then triggers a
> > > > > require for udev and kmod, which docker containers do not need.
> > > >
> > > > If you discount the docs/man pages of the RPMs, how much does kmod,
> > > > udev, systemd actually contribtue in bytes to your docker images?
> > >
> > > Its around 15 megs or so, although on rhel7 its 20 megs larger because
> > > of a dependency that kmod has on /usr/bin/nm (binutils) that doesn't
> > > seem to be there on fedora kmod. This seems like a bug in fedora though,
> > > as kmod ships /usr/sbin/weak-modules which calls nm, so once fixed
> > > fedora would be at 35 meg too.
> > I am pretty sure that the weak-modules thing should just go. It's
> > outdated cruft, for some enterprise thing, and inused in Fedora. I'd
> > really recommend to just drop it from the Fedora package...
> > > But, even if the size is small that is not the full picture. There are a
> > > bunch of dependencies like dbus (the daemon), device-mapper, kmod, and
> > > iptables that are recursively pulled in by systemd that don't really
> > device-mapper? iptables? That sounds wrong... Any idea how that gets
> > pulled in? the dm libs might get pulled in indirectly via libcryptsetup,
> > but the other dm tools really shouldn't be. And iptables i really don't
> > see how that's pulled in?
> systemd => cryptsetup-libs => device-mapper-libs => device-mapper
> Don't have time to look up the details atm, but iptable was reached via
> initscripts somehow.
I wonder if we can break the d-m-l → d-m link... If we can't there's
probably little reason to have two packages for this...
Lennart Poettering, Red Hat
More information about the devel