Docker and issues with using minimal Fedora base images

It is recomended when creating docker images that minimal images be used. In the case of Fedora it is recomended that for smallest images the minimal image should be used and “microdnf” be used instead of the full blown “dnf” package manager.

One major issue I have hit with using microdnf is that if a package in the main Fedora repositories is downgraded to a version below that shipped with the minimal image “microdnf” cannot handle downgrading packages when required.

Re-doing a build that had been working for over four months it suddenly started failing with a conflict. The error I hit is below.

 glibc-2.29-22.fc30.x86_64                             updates      4.2\xc2\xa0MB
 glibc-common-2.29-22.fc30.x86_64                      updates    858.5\xc2\xa0kB
 glibc-minimal-langpack-2.29-22.fc30.x86_64            updates     48.4\xc2\xa0kB
 libxcrypt-4.4.10-1.fc30.x86_64                        updates    125.3\xc2\xa0kB
 libstdc++-9.0.1-0.10.fc30.x86_64                      fedora     583.9\xc2\xa0kB
Transaction Summary:
 Installing:      204 packages
 Reinstalling:      0 packages
 Upgrading:         4 packages
 Removing:          0 packages
 Downgrading:       1 packages
Downloading packages...
Running transaction test...
error: Error running transaction: package libstdc++-9.1.1-1.fc30.x86_64 (which is newer than libstdc++-9.0.1-0.10.fc30.x86_64) is already installed

The “microdnf” tool does not support usefull options “dnf” supports for resolving conflicts, in the case of conflicts like this the only solution is to switch to using the full “dnf” package. It requires changing the Dockerfile from…

...lots of stuff...
RUN microdnf -y install perl procps-ng vim-minimal && microdnf clean all

to the below…

...lots of stuff...
RUN microdnf -y install dnf
RUN dnf -y --allowerasing --obsoletes install perl procps-ng vim-minimal && dnf clean all && microdnf clean all

This results in a image size around 42Mb larger than just using microdnf, but it is unfortunately the only way to handle the issue.

About mark

At work, been working on Tandems for around 30yrs (programming + sysadmin), plus AIX and Solaris sysadmin also thrown in during the last 20yrs; also about 5yrs on MVS (mainly operations and automation but also smp/e work). At home I have been using linux for decades. Programming background is commercially in TAL/COBOL/SCOBOL/C(Tandem); 370 assembler(MVS); C, perl and shell scripting in *nix; and Microsoft Macro Assembler(windows).
This entry was posted in Automation, Unix. Bookmark the permalink.