From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6591699875972251648
X-Received: by 2002:a1c:487:: with SMTP id 129-v6mr213910wme.22.1535463934123;
        Tue, 28 Aug 2018 06:45:34 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 2002:a1c:48c6:: with SMTP id v189-v6ls430575wma.1.gmail; Tue, 28
 Aug 2018 06:45:33 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdZnke2IdWHVdBJvAE53vi+nF/cQp+noIrQpJjMFKrfrNv65jrSeUr34b6PcIvou2CZpWRbb
X-Received: by 2002:a1c:e3d6:: with SMTP id a205-v6mr225392wmh.1.1535463933597;
        Tue, 28 Aug 2018 06:45:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535463933; cv=none;
        d=google.com; s=arc-20160816;
        b=jqwA/g+uv1e5RrFU9REu/nobMT96hsNRzfH+w7oIMiXI1XgxCaR39W2YKvta3J+5R/
         Huw8qzlL75m+iFO0XgCOy1wYlPg7mG/EdzYc1UcBu+dfcLuJDKO3BprDbyrq2PmvSMoO
         9CsXP1Z6CW8bb4veRSdS8gsQ+3+dOZ8CcAv0C7Lrp7OUgbXaM9T220jY/2fNGedBzzYg
         Oh5oqla9br9YaC39AgAjunOEYOaM0tzomsvDfYwEo1+JKgFNRHxg9pfaSXEzO+Chf6TV
         Wd4OxTcFL1IxM94VJi22xhIo4gpcmaxC6+1q0cdQPC+mZbFdcNyGwytpfgLVJhBCh6XW
         hA2A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:content-language:in-reply-to:mime-version
         :user-agent:date:message-id:from:references:to:subject
         :arc-authentication-results;
        bh=x39yigbv9Cw/2iBDAjyxBeErMJvumqfCqDr1BkimC6A=;
        b=dN4peJ9ah5NXKtIAedyawW9hF+Ia1SCTyWZ5wzUAaDMcmXfaOWBTDzYNLykFCqhZ5a
         Z3pAPi/1HkAMIQIr9NJvG254jrCgWwY4upwU6SVn5+GQxxoBkf9StDj7dP3/nlvLE0Gk
         MfjYOhBeNoayj2V18fGjXu9zk1xsAxSUoZCdukOGO587Dk229igCZLCYKRLiIHT/+VwU
         3HKEHnVDgjBPLYJP5z7Me5R9UfT6RSNVS0uqVG23FUZDfU8qaPWGsGRxiIjIQhLiBQOd
         wILZgm9ZdHHsVnutyNHE6JQFUWcFLfSG5eIkbKPkSGYQDTTde16A6mufBXz/sjZHKeCP
         rwrQ==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com
Return-Path: <jan.kiszka@siemens.com>
Received: from goliath.siemens.de (goliath.siemens.de. [192.35.17.28])
        by gmr-mx.google.com with ESMTPS id b192-v6si36570wmd.2.2018.08.28.06.45.33
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 28 Aug 2018 06:45:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.28 as permitted sender) client-ip=192.35.17.28;
Authentication-Results: gmr-mx.google.com;
       spf=pass (google.com: domain of jan.kiszka@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=jan.kiszka@siemens.com
Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35])
	by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id w7SDjWU6031554
	(version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Tue, 28 Aug 2018 15:45:33 +0200
Received: from [139.25.68.37] (md1q0hnc.ad001.siemens.net [139.25.68.37] (may be forged))
	by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id w7SDjWe4002379;
	Tue, 28 Aug 2018 15:45:32 +0200
Subject: Re: Minimizing isar-image-base
To: Alexander Smirnov <asmirnov@ilbers.de>,
        isar-users <isar-users@googlegroups.com>
References: <0228b199-d672-6610-0180-c8a84542366c@siemens.com>
 <aae8703b-c573-e1f8-e6a1-32a95ad4961e@ilbers.de>
From: Jan Kiszka <jan.kiszka@siemens.com>
Message-ID: <b66a60bc-c15f-f9b6-8fad-264ae18e5dc6@siemens.com>
Date: Tue, 28 Aug 2018 15:45:31 +0200
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); de; rv:1.8.1.12)
 Gecko/20080226 SUSE/2.0.0.12-1.1 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666
MIME-Version: 1.0
In-Reply-To: <aae8703b-c573-e1f8-e6a1-32a95ad4961e@ilbers.de>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-TUID: bXZMPR9uJaNf

On 2018-08-21 21:36, Alexander Smirnov wrote:
> Hi Jan,
> 
> On 20.08.2018 10:22, Jan Kiszka wrote:
>> Hi all,
>>
>> a couple of questions on what we pre-install into the de-facto 
>> standard base image for everything that builds on Isar:
>>
>> - Why do we pre-install init, but only for >= stretch?
>>
> 
> IIRC, for jessie and wheezy, the list of pre-installed packages was 
> created based on attempt to boot the board. So it's just a result of 
> experiment, no references to official Debian sources.
> 
>> - Why do we pre-install dbus?
>>
> 
> Again, IIRC, without dbus there was dirty boot log in QEMU, some 
> services failed to start.
> 
>> - Can we make apt optional? Installing it as transient package by
>>    default, e.g. What would happen if a downstream image then puts it
>>    into PREINSTALL again? Should we filter IMAGE_TRANSIENT_PACKAGES
>>    against IMAGE_PREINSTALL?
> 
> I could suppose how apt went to isar-image-base recipe, initially it was 
> a copy of buildchroot one. So nobody actually cares about the list of 
> packages, there was only one requirement - no error and warnings during 
> image boot in QEMU.
> 
> In buildchroot apt is needed to populate the dependencies.
> 
> With current Isar implementation the apt is a must package for image. 
> Let me explain why. Below is the whole chain to generate image:
> 
> 1. At first, isar-debootstrap is called. This recipe fetches minimal 
> *pure* Debian suite for specified architecture. It's stored in 
> tmp/deploy folder.
> 2. Image generation is started from copying this pre-fetched suite to 
> work folder.
> 3. Then you chroot to this *pure* minimal suite.
> 4. And finally all the additional packages in pre-install list are 
> installed via apt-get.
> 
> So, the only way for current architecture - remove apt in post-build task.
> 
> Hope this a bit clarifies your questions.
> 
>>
>> Alternatively, we could define some isar-image-tiny that removes 
>> packages from the base image, possibly also some that debootstrap 
>> pulls in.
>>
>> Ideas, suggestions?
>>
> 
> I'd support you with this idea. For example sometimes I really need 
> minimal QEMU image with just console, let's say 10-20MB of disk space 
> and 2-3 minutes to build it.
> 
> But my proposal will be to start from requirements - which packages 
> should go to tiny image and why. Otherwise we will have the same 
> questions as above in 1-2 years :-)

FWIW, below is the list that the debian:stretch-slim docker container 
installs. It does not contain a kernel, obviously, and it apparently 
does not use systemd. It still has apt installed, though. Under that 
conditions, it ends up with some 60 MB on x86.

Here is also more information on how they produce that rootfs:
https://github.com/debuerreotype/debuerreotype

Jan

---

adduser
apt
base-files
base-passwd
bash
bsdutils
coreutils
dash
debconf
debian-archive-keyring
debianutils
diffutils
dpkg
e2fslibs:amd64
e2fsprogs
findutils
gcc-6-base:amd64
gpgv
grep
gzip
hostname
init-system-helpers
libacl1:amd64
libapt-pkg5.0:amd64
libattr1:amd64
libaudit-common
libaudit1:amd64
libblkid1:amd64
libbz2-1.0:amd64
libc-bin
libc6:amd64
libcap-ng0:amd64
libcomerr2:amd64
libdb5.3:amd64
libdebconfclient0:amd64
libfdisk1:amd64
libgcc1:amd64
libgcrypt20:amd64
libgpg-error0:amd64
liblz4-1:amd64
liblzma5:amd64
libmount1:amd64
libncursesw5:amd64
libpam-modules:amd64
libpam-modules-bin
libpam-runtime
libpam0g:amd64
libpcre3:amd64
libselinux1:amd64
libsemanage-common
libsemanage1:amd64
libsepol1:amd64
libsmartcols1:amd64
libss2:amd64
libstdc++6:amd64
libsystemd0:amd64
libtinfo5:amd64
libudev1:amd64
libustr-1.0-1:amd64
libuuid1:amd64
login
lsb-base
mawk
mount
multiarch-support
ncurses-base
ncurses-bin
passwd
perl-base
sed
sensible-utils
sysvinit-utils
tar
tzdata
util-linux
zlib1g:amd64

-- 
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux