Some analysis on the size of the minimal and Server installs of Fedora 23

Pádraig Brady P at draigBrady.com
Tue Nov 17 17:03:06 UTC 2015 

On 17/11/15 01:39, Stephen Gallagher wrote:
> (Please keep responses on the devel@ list; I've set it in the Reply-To.)
> 
> To jump right to the premise: The default Fedora Server install is Way
> Too Big(TM) and the minimal install (also available on the Fedora
> Server install media) is also Too Big.
> 
> I've been trying to do some quick-and-dirty analysis of what is in
> these default installations in order to figure out where we should be
> focusing our efforts. I'll point out that there are two goals that we
> need to keep in mind (and the reasons behind them) in order of
> increasing importance:
> 
> 1) Reduce disk space usage. While disk space on physical devices is
> becoming trivially cheap, disk space on Cloud deployments and rented
> virtual servers is still comparatively very expensive. We really want
> to minimize the amount of space that we use for Fedora so that users
> can fit their applications (the stuff they actually care about) into
> the remaining space without being forced to buy a larger storage
> allotment.
> 
> 2) Reduce maintenance efforts. Every additional piece of software on
> the system (referred to hereafter as "packages") increases the
> maintenance burden on an administrator. Universally, administrators
> prefer to have the smallest number of packages to maintain for a
> variety of reasons:
>  * Limiting update churn. The more packages on the system, the more
>    often that one will need to run updates.
>  * Limiting security exposure. Every package on the system is another
>    potential privilege-escalation point. Keeping this number under
>    control means a reduced likelihood of a catastrophic breach. (The
>    actual risk here is impossible to quantify, but it can be assumed
>    that less code == less potential vulnerabilities.
>  * Non-expert administrators do not always know what is installed on
>    their systems. This can lead to unintentional breaches as an
>    admin doesn't realize that one or more services needs to be limited
>    (such as in the firewall or via SELinux).
> 
> With these two goals in mind, the most obvious approach to improving
> this situation would be by reducing the number of packages installed
> by default on the Minimal and Fedora Server installs. As a specific
> goal of the Server Working Group, we want to aim for a world wherein
> administrators will no longer desire to install the Minimal install
> and instead will rely on the platform provided by the default Fedora
> Server install. They do not do this today because the Fedora Server
> installation is considerably larger. I postulate that this is due
> primarily to dependency bloat, which is where we should focus our
> efforts during the Fedora 24 timeframe. I postulate (but have not yet
> confirmed) that there are likely many places where we could replace
> Requires: with Recommends: (or even Suggests:) dependencies. In my
> ideal world, the difference between a Minimal and Server install would
> be identical to installing the same set of packages with Recommends:
> on or off.
> 
> 
> Some highlights of my initial research (with a lot of my raw data in
> the tarball attached to this email):
> 
> 
> == Minimal ==
> 
> === Disk Usage ===
> /boot: 79MB
> /:     755MB
> 
> 
> === Packages ===
> Total count: 270
> 
> ==== Largest 10 packages ====
> 14288083: coreutils

We might create a coreutils-singlebin package that is built with
  ./configure --enable-single-binary
which would include only the single binary and stubs.
I think chromium is using this setup.
coreutils-singlebin could Recommends: coreutils-doc, while the
standard coreutils package would require coreutils-doc.
That would save about 13MB in the install.
Caveat is that the single binary would dynamically link
all shared libs, which associated startup and mem overhead.

cheers,
Pádraig

More information about the server mailing list