From dc82a80d1ae1ac0579432b5a37123175b6c25514 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Mon, 22 Apr 2024 18:31:08 +0100 Subject: [PATCH 01/25] Heroku-24: Switch editor from `ed` to `nano` (#284) Whilst using an editor inside dynos is generally discouraged (since changes by design won't persist), it's sometimes unavoidable when debugging. Previously the only options were to either: 1. Use `ed`, which is pretty user-unfriendly (It somehow manages to be harder than Vim to quit) 2. Dynamically download a hacked together install of Vim onto the dyno As such in a recent discussion we proposed adding `nano` instead, since its more usable than `ed` but smaller than `vim` (`vim` is 70 MB, `vim-tiny` 4 MB, `nano` 0.9 MB, and `ed` 0.1 MB). See: https://salesforce-internal.slack.com/archives/C02GZCPPV38/p1709225255361399?thread_ts=1709054633.272659&cid=C02GZCPPV38 GUS-W-15159536. --- heroku-24-build/installed-packages-amd64.txt | 2 +- heroku-24-build/installed-packages-arm64.txt | 2 +- heroku-24/installed-packages-amd64.txt | 2 +- heroku-24/installed-packages-arm64.txt | 2 +- heroku-24/setup.sh | 3 ++- 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index c4575fe3..f607c051 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -37,7 +37,6 @@ dirmngr dpkg dpkg-dev e2fsprogs -ed file findutils fontconfig @@ -517,6 +516,7 @@ media-types mlock mount mysql-common +nano ncurses-base ncurses-bin netbase diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index 37ae339d..813a7558 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -37,7 +37,6 @@ dirmngr dpkg dpkg-dev e2fsprogs -ed file findutils fontconfig @@ -509,6 +508,7 @@ media-types mlock mount mysql-common +nano ncurses-base ncurses-bin netbase diff --git a/heroku-24/installed-packages-amd64.txt b/heroku-24/installed-packages-amd64.txt index 7563cc96..1f38c2de 100644 --- a/heroku-24/installed-packages-amd64.txt +++ b/heroku-24/installed-packages-amd64.txt @@ -21,7 +21,6 @@ diffutils dirmngr dpkg e2fsprogs -ed file findutils fontconfig @@ -284,6 +283,7 @@ mawk mlock mount mysql-common +nano ncurses-base ncurses-bin netbase diff --git a/heroku-24/installed-packages-arm64.txt b/heroku-24/installed-packages-arm64.txt index 7563cc96..1f38c2de 100644 --- a/heroku-24/installed-packages-arm64.txt +++ b/heroku-24/installed-packages-arm64.txt @@ -21,7 +21,6 @@ diffutils dirmngr dpkg e2fsprogs -ed file findutils fontconfig @@ -284,6 +283,7 @@ mawk mlock mount mysql-common +nano ncurses-base ncurses-bin netbase diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index 9c0e6306..a81c393a 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -64,7 +64,6 @@ packages=( bzip2 coreutils curl - ed file fontconfig geoip-database @@ -152,6 +151,8 @@ packages=( libzstd1 locales lsb-release + # Nano is more usable than ed but still much smaller than vim. + nano netcat-openbsd openssh-client openssh-server From a1401300e379387aae1e5fe87c036f66526890d0 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Tue, 23 Apr 2024 19:40:00 +0100 Subject: [PATCH 02/25] Heroku-24: Fix customisation of APT sources list (#287) Previously the hardcoded custom APT sources list caused APT to pull indexes for both AMD64 and ARM64, even though only one or the other is ever required. Now, we instead make edits to the existing architecture-specific default Ubuntu APT sources file (which only includes the config for that architecture, not several architectures). This saves having to hardcode multiple variants of the file in `setup.sh`. The new implementation intentionally doesn't disable the backports suite, since Ubuntu no longer considers that suite by default, starting in Ubuntu 11.04: https://help.ubuntu.com/community/UbuntuBackports?action=recall&rev=90 Fixes #286. GUS-W-15576471. --- heroku-24/setup.sh | 42 +++++++++++------------------------------- 1 file changed, 11 insertions(+), 31 deletions(-) diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index a81c393a..4da0ed17 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -4,37 +4,17 @@ set -euxo pipefail export DEBIAN_FRONTEND=noninteractive -# This is the default `ubuntu.sources` from both the AMD64 and ARM64 images -# combined, with `noble-backports`, `restricted` and `multiverse` removed. -cat >/etc/apt/sources.list.d/ubuntu.sources < Date: Tue, 23 Apr 2024 21:34:36 +0100 Subject: [PATCH 03/25] Heroku-24: Omit transitive deps from package list (#285) This cleans up the packages list in `setup.sh` so that it only includes top-level dependencies, and no longer redundantly specifies packages that are transitive dependencies of the main packages. In addition, `coreutils` has been omitted since it's already in the base Ubuntu 24.04 image (since it's in the `essentials` group). (In the past before we had the installed packages list validated by CI, these redundant transitive deps served as a way to ensure we didn't accidentally omit a package.) This change is a no-op in terms of the final images (note how there is no change to the generated `installed-packages-*.txt` lists), but makes it easier to follow/audit the remaining packages in the list. GUS-W-15159536. --- heroku-24/setup.sh | 36 ------------------------------------ 1 file changed, 36 deletions(-) diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index 4da0ed17..1a025717 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -42,10 +42,8 @@ packages=( # For dig, host and nslookup. bind9-dnsutils bzip2 - coreutils curl file - fontconfig geoip-database gettext-base gir1.2-harfbuzz-0.0 @@ -55,13 +53,9 @@ packages=( iproute2 iputils-tracepath less - libaom3 libargon2-1 libass9 libc-client2007e - libcairo2 - libcurl4 - libdatrie1 libdav1d7 libev4 libevent-2.1-7 @@ -69,66 +63,38 @@ packages=( libevent-extra-2.1-7 libevent-openssl-2.1-7 libevent-pthreads-2.1-7 - libexif12 - libfreetype6 - libfribidi0 libgd3 libgdk-pixbuf2.0-0 - libgdk-pixbuf2.0-common libgnutls-openssl27 libgnutls30 - libgraphite2-3 - libgraphite2-3 - libharfbuzz-gobject0 libharfbuzz-icu0 - libharfbuzz0b - libheif1 liblzf1 libmagickcore-6.q16-7-extra libmcrypt4 libmemcached11 libmp3lame0 libmysqlclient21 - libnuma1 - libogg0 libonig5 libopencore-amrnb0 libopencore-amrwb0 libopus0 - libpango-1.0-0 - libpangocairo-1.0-0 - libpangoft2-1.0-0 - libpixman-1-0 librabbitmq4 - librsvg2-2 librsvg2-common libsasl2-modules - libseccomp2 libsodium23 libspeex1 libsvtav1enc1d1 - libthai-data - libthai0 libtheora0 - libunistring5 libuv1 libvips42 - libvorbis0a libvorbisenc2 libvorbisfile3 libvpx9 - libwebp7 - libwebpdemux2 - libwebpmux3 libx264-164 libx265-199 - libxcb-render0 - libxcb-shm0 - libxrender1 libxslt1.1 libyaml-0-2 libzip4 - libzstd1 locales lsb-release # Nano is more usable than ed but still much smaller than vim. @@ -141,7 +107,6 @@ packages=( postgresql-client-16 rename rsync - shared-mime-info socat tar tzdata @@ -149,7 +114,6 @@ packages=( wget xz-utils zip - zlib1g zstd ) From 6f9cc3e8c54ae9dd13377c30b5b19e2e26057075 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Thu, 25 Apr 2024 05:24:48 +0100 Subject: [PATCH 04/25] Fix indentation in bin/build.sh (#289) A few lines were over-indented, making it seem like the later lines were outside the for loop. --- bin/build.sh | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/bin/build.sh b/bin/build.sh index c22e8dae..bf784e80 100755 --- a/bin/build.sh +++ b/bin/build.sh @@ -135,21 +135,21 @@ display "Building ${RUN_DOCKERFILE_DIR} / ${RUN_IMAGE_TAG} image" # from upstream ubuntu images are included. docker "${DOCKER_ARGS[@]}" --pull \ --tag "${RUN_IMAGE_TAG}" "${RUN_DOCKERFILE_DIR}" | indent - write_package_list "${RUN_IMAGE_TAG}" "${RUN_DOCKERFILE_DIR}" - - for VARIANT in "${VARIANTS[@]}"; do - VARIANT_NAME=$(echo "$VARIANT" | cut -d ":" -f 1) - DEPENDENCY_NAME=$(echo "$VARIANT" | cut -d ":" -f 2) - VARIANT_IMAGE_TAG="${REPO}:${STACK_VERSION}${VARIANT_NAME}${PUBLISH_SUFFIX}" - VARIANT_DOCKERFILE_DIR="heroku-${STACK_VERSION}${VARIANT_NAME}" - DEPENDENCY_IMAGE_TAG="${REPO}:${STACK_VERSION}${DEPENDENCY_NAME}${PUBLISH_SUFFIX}" - - [[ -d "${VARIANT_DOCKERFILE_DIR}" ]] || abort "fatal: directory ${VARIANT_DOCKERFILE_DIR} not found" - display "Building ${VARIANT_DOCKERFILE_DIR} / ${VARIANT_IMAGE_TAG} image" - # The --pull option is not used for variants since they depend on images - # built earlier in this script. - docker "${DOCKER_ARGS[@]}" --build-arg "BASE_IMAGE=${DEPENDENCY_IMAGE_TAG}" \ - --tag "${VARIANT_IMAGE_TAG}" "${VARIANT_DOCKERFILE_DIR}" | indent +write_package_list "${RUN_IMAGE_TAG}" "${RUN_DOCKERFILE_DIR}" + +for VARIANT in "${VARIANTS[@]}"; do + VARIANT_NAME=$(echo "$VARIANT" | cut -d ":" -f 1) + DEPENDENCY_NAME=$(echo "$VARIANT" | cut -d ":" -f 2) + VARIANT_IMAGE_TAG="${REPO}:${STACK_VERSION}${VARIANT_NAME}${PUBLISH_SUFFIX}" + VARIANT_DOCKERFILE_DIR="heroku-${STACK_VERSION}${VARIANT_NAME}" + DEPENDENCY_IMAGE_TAG="${REPO}:${STACK_VERSION}${DEPENDENCY_NAME}${PUBLISH_SUFFIX}" + + [[ -d "${VARIANT_DOCKERFILE_DIR}" ]] || abort "fatal: directory ${VARIANT_DOCKERFILE_DIR} not found" + display "Building ${VARIANT_DOCKERFILE_DIR} / ${VARIANT_IMAGE_TAG} image" + # The --pull option is not used for variants since they depend on images + # built earlier in this script. + docker "${DOCKER_ARGS[@]}" --build-arg "BASE_IMAGE=${DEPENDENCY_IMAGE_TAG}" \ + --tag "${VARIANT_IMAGE_TAG}" "${VARIANT_DOCKERFILE_DIR}" | indent # generate the package list for non-cnb variants. cnb variants don't # influence the list of installed packages. From ff5d25c879866df9375a3e24819595cf3ae5f844 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Thu, 25 Apr 2024 05:31:34 +0100 Subject: [PATCH 05/25] Heroku-24: Switch from `libgdk-pixbuf2.0-0` to `libgdk-pixbuf-2.0-0` (#288) Since the former is a transitional package, that already depends upon the latter: https://packages.ubuntu.com/noble/libgdk-pixbuf2.0-0 https://packages.ubuntu.com/noble/libgdk-pixbuf-2.0-0 The new package name doesn't depend upon `libgdk-pixbuf-xlib-2.0-0`, however, that package is deprecated, and nothing appears to use it. This also means we're using fewer packages from `universe` (which has lesser support guarantees), since the old packages are in `universe` unlike the new ones that are in `main`. GUS-W-15159536. --- heroku-24-build/installed-packages-amd64.txt | 2 -- heroku-24-build/installed-packages-arm64.txt | 2 -- heroku-24/installed-packages-amd64.txt | 2 -- heroku-24/installed-packages-arm64.txt | 2 -- heroku-24/setup.sh | 2 +- 5 files changed, 1 insertion(+), 9 deletions(-) diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index f607c051..4abf752d 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -200,8 +200,6 @@ libgdbm-dev libgdbm6t64 libgdk-pixbuf-2.0-0 libgdk-pixbuf-2.0-dev -libgdk-pixbuf-xlib-2.0-0 -libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgeoip-dev diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index 813a7558..7972235d 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -196,8 +196,6 @@ libgdbm-dev libgdbm6t64 libgdk-pixbuf-2.0-0 libgdk-pixbuf-2.0-dev -libgdk-pixbuf-xlib-2.0-0 -libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common libgeoip-dev diff --git a/heroku-24/installed-packages-amd64.txt b/heroku-24/installed-packages-amd64.txt index 1f38c2de..af587191 100644 --- a/heroku-24/installed-packages-amd64.txt +++ b/heroku-24/installed-packages-amd64.txt @@ -115,8 +115,6 @@ libgd3 libgdbm-compat4t64 libgdbm6t64 libgdk-pixbuf-2.0-0 -libgdk-pixbuf-xlib-2.0-0 -libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libglib2.0-0t64 libgmp10 diff --git a/heroku-24/installed-packages-arm64.txt b/heroku-24/installed-packages-arm64.txt index 1f38c2de..af587191 100644 --- a/heroku-24/installed-packages-arm64.txt +++ b/heroku-24/installed-packages-arm64.txt @@ -115,8 +115,6 @@ libgd3 libgdbm-compat4t64 libgdbm6t64 libgdk-pixbuf-2.0-0 -libgdk-pixbuf-xlib-2.0-0 -libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-common libglib2.0-0t64 libgmp10 diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index 1a025717..a25925fd 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -64,7 +64,7 @@ packages=( libevent-openssl-2.1-7 libevent-pthreads-2.1-7 libgd3 - libgdk-pixbuf2.0-0 + libgdk-pixbuf-2.0-0 libgnutls-openssl27 libgnutls30 libharfbuzz-icu0 From a5b07ef7c553597743d9891e6536c34816bc0f0b Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Thu, 25 Apr 2024 13:26:24 +0100 Subject: [PATCH 06/25] Heroku-24: Update comment about `locale-gen` (#290) Adds some more detail, and also the missing `C.utf8` reference, since that's also in the default locales list for the base `ubuntu:24.04` image: ``` $ locale -a C C.utf8 POSIX ``` See also: https://github.com/docker-library/docs/blob/master/ubuntu/README.md#locales https://help.ubuntu.com/community/Locale https://manpages.ubuntu.com/manpages/noble/en/man8/locale-gen.8.html --- heroku-24/setup.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index a25925fd..6601df90 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -119,8 +119,9 @@ packages=( apt-get install -y --no-install-recommends "${packages[@]}" -# Generate locale data for "en_US", which is not available by default. Ubuntu -# ships only with "C" and "POSIX" locales. +# Generate locale data for "en_US.UTF-8" too, since the upstream Ubuntu image +# only ships with the "C", "C.utf8" and "POSIX" locales: +# https://github.com/docker-library/docs/blob/master/ubuntu/README.md#locales locale-gen en_US.UTF-8 # Temporarily install ca-certificates-java to generate the certificates store used From 5507eac8ea186012bbd9adbda9480cfcc10fbd0d Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Thu, 25 Apr 2024 21:09:32 +0100 Subject: [PATCH 07/25] Track package status in `installed-packages*.txt` (#291) During image generation we output the list of packages present in the image and save that list to `installed-packages*.txt` files committed to the repo. In CI, any untracked changes to these files after image generation has been run, results in the CI run failing. This ensures we don't ship an image update with packages missing, which could otherwise occur if/when transitive dependencies are removed upstream. The list of packages is generated using `dpkg-query` and a custom format string to ensure the output doesn't include package properties that will frequently change (such as the version field) and cause too much churn and resultant failures in CI. However, `dpkg-query` (like `dpkg --list`) lists not only fully installed packages, but also packages that were partially removed, eg by removing without using the purge option (which leaves config files behind). This scenario can occur both if we forget to purge when removing a package, or in cases where we actually need the config files left behind (such as for `ca-certificates-java`). As such, this change now includes the package status in the output, so we can track/enforce it via the CI check. In the common case (a status of `installed`), we filter out the status to reduce noise, and make it easier to spot the cases that we want reviewers to focus on, when reviewing changes to those files. See also: https://manpages.ubuntu.com/manpages/jammy/en/man1/dpkg-query.1.html GUS-W-15606675. --- bin/build.sh | 6 +++++- heroku-20-build/installed-packages.txt | 2 +- heroku-20/installed-packages.txt | 2 +- heroku-22-build/installed-packages.txt | 2 +- heroku-22/installed-packages.txt | 2 +- heroku-24-build/installed-packages-amd64.txt | 2 +- heroku-24-build/installed-packages-arm64.txt | 2 +- heroku-24/installed-packages-amd64.txt | 2 +- heroku-24/installed-packages-arm64.txt | 2 +- 9 files changed, 13 insertions(+), 9 deletions(-) diff --git a/bin/build.sh b/bin/build.sh index bf784e80..c229d7dc 100755 --- a/bin/build.sh +++ b/bin/build.sh @@ -122,7 +122,11 @@ write_package_list() { fi display "Generating package list: ${output_file}" echo "# List of packages present in the final image. Regenerate using bin/build.sh" > "$output_file" - docker run --rm --platform="linux/${arch}" "$image_tag" dpkg-query --show --showformat='${Package}\n' >> "$output_file" + # We include the package status in the output so we can differentiate between fully installed + # packages, and those that have been removed but not purged (either because we forgot to purge, + # or because we intentionally left config files behind, such as for `ca-certificates-java`). + docker run --rm --platform="linux/${arch}" "$image_tag" dpkg-query --show --showformat='${Package} (package status: ${db:Status-Status})\n' \ + | sed -e 's/ (package status: installed)//' >> "$output_file" done } diff --git a/heroku-20-build/installed-packages.txt b/heroku-20-build/installed-packages.txt index 78e3fa1a..4658793d 100644 --- a/heroku-20-build/installed-packages.txt +++ b/heroku-20-build/installed-packages.txt @@ -23,7 +23,7 @@ build-essential bzip2 bzr ca-certificates -ca-certificates-java +ca-certificates-java (package status: config-files) clang-10 cmake cmake-data diff --git a/heroku-20/installed-packages.txt b/heroku-20/installed-packages.txt index 591b54c8..fa1c0951 100644 --- a/heroku-20/installed-packages.txt +++ b/heroku-20/installed-packages.txt @@ -15,7 +15,7 @@ binutils-x86-64-linux-gnu bsdutils bzip2 ca-certificates -ca-certificates-java +ca-certificates-java (package status: config-files) coreutils cpp cpp-9 diff --git a/heroku-22-build/installed-packages.txt b/heroku-22-build/installed-packages.txt index f0c310bc..7136b01c 100644 --- a/heroku-22-build/installed-packages.txt +++ b/heroku-22-build/installed-packages.txt @@ -22,7 +22,7 @@ build-essential bzip2 bzr ca-certificates -ca-certificates-java +ca-certificates-java (package status: config-files) cmake cmake-data comerr-dev diff --git a/heroku-22/installed-packages.txt b/heroku-22/installed-packages.txt index 8127a061..72d4bfcc 100644 --- a/heroku-22/installed-packages.txt +++ b/heroku-22/installed-packages.txt @@ -15,7 +15,7 @@ binutils-x86-64-linux-gnu bsdutils bzip2 ca-certificates -ca-certificates-java +ca-certificates-java (package status: config-files) coreutils cpp cpp-11 diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index 4abf752d..2aa1d96e 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -19,7 +19,7 @@ bsdutils build-essential bzip2 ca-certificates -ca-certificates-java +ca-certificates-java (package status: config-files) cmake cmake-data comerr-dev diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index 7972235d..bc4da84c 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -19,7 +19,7 @@ bsdutils build-essential bzip2 ca-certificates -ca-certificates-java +ca-certificates-java (package status: config-files) cmake cmake-data comerr-dev diff --git a/heroku-24/installed-packages-amd64.txt b/heroku-24/installed-packages-amd64.txt index af587191..e9b7ff21 100644 --- a/heroku-24/installed-packages-amd64.txt +++ b/heroku-24/installed-packages-amd64.txt @@ -11,7 +11,7 @@ bind9-libs bsdutils bzip2 ca-certificates -ca-certificates-java +ca-certificates-java (package status: config-files) coreutils curl dash diff --git a/heroku-24/installed-packages-arm64.txt b/heroku-24/installed-packages-arm64.txt index af587191..e9b7ff21 100644 --- a/heroku-24/installed-packages-arm64.txt +++ b/heroku-24/installed-packages-arm64.txt @@ -11,7 +11,7 @@ bind9-libs bsdutils bzip2 ca-certificates -ca-certificates-java +ca-certificates-java (package status: config-files) coreutils curl dash From b74248903edcd57830cc02dbf2ff354b75a90208 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Fri, 26 Apr 2024 15:22:07 +0100 Subject: [PATCH 08/25] Heroku-24: Migrate away from transitional packages (build image) (#292) This is the build image equivalent of #279. Several packages in the package install list for the build image are actually transitional packages - which provide backwards compatibility for packages that have since been renamed/replaced. Instead of depending on the old transitional package name, we should switch to the new names. Specifically: * [libidn11-dev](https://packages.ubuntu.com/noble/libidn11-dev) -> [libidn-dev](https://packages.ubuntu.com/noble/libidn-dev) * [libldap2-dev](https://packages.ubuntu.com/noble/libldap2-dev) -> [libldap-dev](https://packages.ubuntu.com/noble/libldap-dev) * [libncurses5-dev](https://packages.ubuntu.com/noble/libncurses5-dev) and [libncursesw5-dev](https://packages.ubuntu.com/noble/libncursesw5-dev) -> [libncurses-dev](https://packages.ubuntu.com/noble/libncurses-dev) This is a no-op in terms of actual libs/headers installed in the build image. GUS-W-15616760. --- heroku-24-build/installed-packages-amd64.txt | 2 -- heroku-24-build/setup.sh | 7 +++---- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index 2aa1d96e..6458c030 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -245,7 +245,6 @@ libice6 libicu-dev libicu74 libidn-dev -libidn11-dev libidn12 libidn2-0 libidn2-dev @@ -282,7 +281,6 @@ liblcms2-2 liblcms2-dev libldap-dev libldap2 -libldap2-dev liblerc-dev liblerc4 liblmdb0 diff --git a/heroku-24-build/setup.sh b/heroku-24-build/setup.sh index 4f6fb8f7..3c08b600 100755 --- a/heroku-24-build/setup.sh +++ b/heroku-24-build/setup.sh @@ -38,12 +38,12 @@ packages=( libgnutls28-dev libheif-dev libicu-dev - libidn11-dev + libidn-dev libjpeg-dev libkeyutils-dev libkmod-dev libkrb5-dev - libldap2-dev + libldap-dev liblz4-dev liblzf-dev libmagic-dev @@ -51,8 +51,7 @@ packages=( libmcrypt-dev libmemcached-dev libmysqlclient-dev - libncurses5-dev - libncursesw5-dev + libncurses-dev libnetpbm10-dev libonig-dev libpam0g-dev From d6282127688c229da914b1f2ba171c3515246a43 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Fri, 26 Apr 2024 15:28:29 +0100 Subject: [PATCH 09/25] Heroku-24: Omit transitive deps from package install list (build image) (#293) This is the build image equivalent of #285. Several of the packages in the list of packages to install in the build image are actually already transitive dependencies of other packages. For packages that we absolutely need regardless, it makes sense to still include these transitive deps explicitly in the list. However, some of the transitive deps are actually packages we wouldn't choose to install if they weren't already a dependency of something else. This change omits such entries. This change is a no-op in terms of the final images (note how there is no change to the generated `installed-packages-*.txt` lists), but makes it easier to follow/audit the remaining packages in the list. GUS-W-15159536. --- heroku-24-build/setup.sh | 5 ----- 1 file changed, 5 deletions(-) diff --git a/heroku-24-build/setup.sh b/heroku-24-build/setup.sh index 3c08b600..e594a595 100755 --- a/heroku-24-build/setup.sh +++ b/heroku-24-build/setup.sh @@ -17,7 +17,6 @@ packages=( libacl1-dev libapt-pkg-dev libargon2-dev - libattr1-dev libaudit-dev libbsd-dev libbz2-dev @@ -34,7 +33,6 @@ packages=( libgd-dev libgdbm-dev libgeoip-dev - libglib2.0-dev libgnutls28-dev libheif-dev libicu-dev @@ -51,17 +49,14 @@ packages=( libmcrypt-dev libmemcached-dev libmysqlclient-dev - libncurses-dev libnetpbm10-dev libonig-dev - libpam0g-dev libpopt-dev libpq-dev librabbitmq-dev libreadline-dev librtmp-dev libseccomp-dev - libselinux1-dev libsemanage-dev libsodium-dev libssl-dev From 3fbc5e7b4d6c8138676c923f581ced8f0d4ffcb8 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Fri, 26 Apr 2024 15:59:32 +0100 Subject: [PATCH 10/25] Heroku-24: Re-sync ARM64 package lists (#294) This regenerates the ARM64 packages list to match reality after #292. CI unfortunately didn't catch this, since it currently only validates the AMD64 list due to (a) the limitations around Docker on Linux not supporting the containerd snapshotter and so multi-arch images, and (b) the fact CI currently builds both architectures on the same machine. Also, the reason my running the build generation script locally didn't update the ARM64 manifests, is that when I'm image size benchmarking I sadly have to disable the containerd snapshotter since it has broken image size calculations. With the current build scripts for this repo, that results in only AMD64 being generated locally. GUS-W-15616760. --- heroku-24-build/installed-packages-arm64.txt | 2 -- 1 file changed, 2 deletions(-) diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index bc4da84c..4a49ce68 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -238,7 +238,6 @@ libice6 libicu-dev libicu74 libidn-dev -libidn11-dev libidn12 libidn2-0 libidn2-dev @@ -275,7 +274,6 @@ liblcms2-2 liblcms2-dev libldap-dev libldap2 -libldap2-dev liblerc-dev liblerc4 liblmdb0 From 57678b0bf1f5eaeb4ba1a27392546be171bce39d Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Fri, 26 Apr 2024 19:23:40 +0100 Subject: [PATCH 11/25] Heroku-24: Remove `apt-utils` and `rename` (#295) Since: - `apt-utils` is only needed for an optional UX improvement for interactive APT workflows, so isn't needed in a container context. See: https://unix.stackexchange.com/a/629114 - `rename` provides the commands `file-rename` and `prename`, which are pretty obscure and not something that many/any apps will be using at run-time (and have zero hits in GitHub code search across all of our repos) GUS-W-15159536. --- heroku-24-build/installed-packages-amd64.txt | 2 -- heroku-24-build/installed-packages-arm64.txt | 2 -- heroku-24/installed-packages-amd64.txt | 2 -- heroku-24/installed-packages-arm64.txt | 2 -- heroku-24/setup.sh | 2 -- 5 files changed, 10 deletions(-) diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index 6458c030..6181401d 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -1,7 +1,6 @@ # List of packages present in the final image. Regenerate using bin/build.sh adduser apt -apt-utils autoconf automake autotools-dev @@ -546,7 +545,6 @@ python3-setuptools python3.12 python3.12-minimal readline-common -rename rpcsvc-proto rsync sed diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index 4a49ce68..d5e032fd 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -1,7 +1,6 @@ # List of packages present in the final image. Regenerate using bin/build.sh adduser apt -apt-utils autoconf automake autotools-dev @@ -533,7 +532,6 @@ python3-packaging python3.12 python3.12-minimal readline-common -rename rpcsvc-proto rsync sed diff --git a/heroku-24/installed-packages-amd64.txt b/heroku-24/installed-packages-amd64.txt index e9b7ff21..d9f8f8ab 100644 --- a/heroku-24/installed-packages-amd64.txt +++ b/heroku-24/installed-packages-amd64.txt @@ -1,7 +1,6 @@ # List of packages present in the final image. Regenerate using bin/build.sh adduser apt -apt-utils base-files base-passwd bash @@ -301,7 +300,6 @@ postgresql-client-16 postgresql-client-common procps readline-common -rename rsync sed sensible-utils diff --git a/heroku-24/installed-packages-arm64.txt b/heroku-24/installed-packages-arm64.txt index e9b7ff21..d9f8f8ab 100644 --- a/heroku-24/installed-packages-arm64.txt +++ b/heroku-24/installed-packages-arm64.txt @@ -1,7 +1,6 @@ # List of packages present in the final image. Regenerate using bin/build.sh adduser apt -apt-utils base-files base-passwd bash @@ -301,7 +300,6 @@ postgresql-client-16 postgresql-client-common procps readline-common -rename rsync sed sensible-utils diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index 6601df90..d3f96edf 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -38,7 +38,6 @@ apt-get update --error-on=any apt-get upgrade -y --no-install-recommends packages=( - apt-utils # For dig, host and nslookup. bind9-dnsutils bzip2 @@ -105,7 +104,6 @@ packages=( patch poppler-utils postgresql-client-16 - rename rsync socat tar From 31ab18cb42cf61486726c2ff4e142dff98a010f7 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Tue, 30 Apr 2024 20:42:19 +0100 Subject: [PATCH 12/25] Heroku-24: Add more comments to the list of packages to install (#297) Previously there was no explanation as to why most of the packages being installed were included in the images. This adds an initial round of comments based on a combination of: - `ldd` scans of runtimes/deps of built getting-started guide apps (plus in the case of PHP, an app set up by David that has all PHP extensions enabled) - searching through Git history/GitHub PRs for this repo - GitHub code-search of other `heroku` repos, incl non-official-language Heroku buildpacks - my knowledge of the Heroku platform It's not fully complete, but is better than what we had before :-) GUS-W-15616780. --- heroku-24-build/setup.sh | 9 ++--- heroku-24/setup.sh | 86 ++++++++++++++++++++-------------------- 2 files changed, 45 insertions(+), 50 deletions(-) diff --git a/heroku-24-build/setup.sh b/heroku-24-build/setup.sh index e594a595..78730f97 100755 --- a/heroku-24-build/setup.sh +++ b/heroku-24-build/setup.sh @@ -8,10 +8,9 @@ packages=( autoconf automake bison - # Includes gcc, g++, make, patch, libc6-dev etc. - build-essential + build-essential # Includes gcc, g++, make, patch, libc6-dev etc. cmake - gettext + gettext # Internationalization utils used by Django, Rails etc. git jq libacl1-dev @@ -71,9 +70,7 @@ packages=( libzip-dev libzstd-dev patchelf - # Python is often needed during the build for non-Python apps, which aren't using the - # Python buildpack. e.g. Node.js packages that use node-gyp require Python during install. - python3 + python3 # Often needed during the building of non-Python apps. e.g. For Node.js packages that use node-gyp. zlib1g-dev ) diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index d3f96edf..bf515675 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -38,72 +38,70 @@ apt-get update --error-on=any apt-get upgrade -y --no-install-recommends packages=( - # For dig, host and nslookup. - bind9-dnsutils + bind9-dnsutils # For `dig`, `host` and `nslookup`. bzip2 curl file geoip-database - gettext-base - gir1.2-harfbuzz-0.0 + gettext-base # For `envsubst`. + gir1.2-harfbuzz-0.0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. gnupg imagemagick inetutils-telnet - iproute2 + iproute2 # For `ip`, used by Heroku Exec. iputils-tracepath less - libargon2-1 - libass9 - libc-client2007e - libdav1d7 + libargon2-1 # Used by the PHP runtime. + libass9 # Used by FFmpeg in heroku-buildpack-activestorage-preview. + libc-client2007e # Used by the PHP IMAP extension. + libdav1d7 # Used by FFmpeg in heroku-buildpack-activestorage-preview. libev4 - libevent-2.1-7 - libevent-core-2.1-7 - libevent-extra-2.1-7 - libevent-openssl-2.1-7 + libevent-2.1-7 # Used by PgBouncer in heroku-buildpack-pgbouncer. + libevent-core-2.1-7 # Used by the PHP Event extension. + libevent-extra-2.1-7 # Used by the PHP Event extension. + libevent-openssl-2.1-7 # Used by the PHP Event extension. libevent-pthreads-2.1-7 libgd3 libgdk-pixbuf-2.0-0 libgnutls-openssl27 - libgnutls30 - libharfbuzz-icu0 - liblzf1 - libmagickcore-6.q16-7-extra + libgnutls30 # Used by the Ruby and PHP runtimes. + libharfbuzz-icu0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. + liblzf1 # Used by the PHP Redis extension. + libmagickcore-6.q16-7-extra # Used by the PHP Imagick extension (using the `-extra` package for SVG support). libmcrypt4 - libmemcached11 - libmp3lame0 + libmemcached11 # Used by the PHP Memcached extension. + libmp3lame0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. libmysqlclient21 - libonig5 - libopencore-amrnb0 - libopencore-amrwb0 - libopus0 - librabbitmq4 + libonig5 # Used by the PHP runtime. + libopencore-amrnb0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. + libopencore-amrwb0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. + libopus0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. + librabbitmq4 # Used by the PHP AMQP extension. librsvg2-common - libsasl2-modules - libsodium23 - libspeex1 - libsvtav1enc1d1 - libtheora0 + libsasl2-modules # Used by the Ruby and PHP runtimes. + libsodium23 # Used by the PHP runtime. + libspeex1 # Used by FFmpeg in heroku-buildpack-activestorage-preview. + libsvtav1enc1d1 # Used by FFmpeg in heroku-buildpack-activestorage-preview. + libtheora0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. libuv1 - libvips42 - libvorbisenc2 - libvorbisfile3 - libvpx9 - libx264-164 - libx265-199 - libxslt1.1 - libyaml-0-2 - libzip4 + libvips42 # Used by the ruby-vips gem / Rails Active Storage Previews. + libvorbisenc2 # Used by FFmpeg in heroku-buildpack-activestorage-preview. + libvorbisfile3 # Used by FFmpeg in heroku-buildpack-activestorage-preview. + libvpx9 # Used by FFmpeg in heroku-buildpack-activestorage-preview. + libx264-164 # Used by FFmpeg in heroku-buildpack-activestorage-preview. + libx265-199 # Used by FFmpeg in heroku-buildpack-activestorage-preview. + libxslt1.1 # Used by the PHP runtime. + libyaml-0-2 # Used by the Ruby runtime. + libzip4 # Used by the PHP runtime. locales lsb-release - # Nano is more usable than ed but still much smaller than vim. - nano + nano # More usable than ed but still much smaller than vim. netcat-openbsd - openssh-client - openssh-server + openssh-client # Used by Heroku Exec. + openssh-server # Used by Heroku Exec. patch - poppler-utils - postgresql-client-16 + poppler-utils # For Rails Active Storage Previews PDF support. + postgresql-client-16 # We need `psql` (and not just libpq) for Shield DB workflows (where connections are only possible from the dyno). rsync socat tar From 018ddfadf1985a31dcd900181ef55ceeb22a379b Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Sun, 5 May 2024 23:20:45 +0100 Subject: [PATCH 13/25] Heroku-24: Remove unnecessary headers from build image (#296) * Heroku-24: Remove unnecessary packages from build image A number of development packages currently being installed in the build image are actually for use-case that either do not make sense in a container context, or are not used by the dependencies of the app itself (we only need libs for app dependencies, not for the compiling runtimes themselves use-case). Many of these packages have been simply been copy-pasted from one new stack to the next, even though they are not actually needed in the image. As such, the following have been removed from the build image: - `libacl1-dev`: Used for the management of POSIX Access Control Lists. Whilst many Linux system tools use `libacl` (including `coreutils`), app dependencies won't be typically linking against it, so we don't need the headers for it. - `libapt-pkg-dev`: Development files for APT's `libapt-pkg` and `libapt-inst`. Neither our buildpacks nor apps need to link against `libapt` since they use the `apt` CLI instead. - `libaudit-dev`: For Linux Audit, whose `libaudit` is used by things like the `login` command, but otherwise not typically needed for app dependencies to link against. - `libcap-dev`: For management of POSIX 1003.1e capabilities, an alternative to the superuser model of privilege under Linux. Not something needed for app dependencies to link against. - `libkeyutils-dev`: For the management of keys in the kernel. Not useful in a non-root container context. - `libkmod-dev`: For the management of Linux Kernel modules. Not useful in a non-root container context. Also, the `libkmod` lib is not present in the run image, so this wouldn't be usable at runtime anyway. - `libpopt-dev`: For parsing cmdline parameters. Whilst many Linux system tools use `libpopt`, app dependencies won't be typically linking against it, so we don't need the headers for it. - `libreadline-dev`: Provides functionality for entering text in interactive scenarios, and the management of terminal history. Whilst many tools/runtimes will use the library, application dependencies themselves won't typically link against it, so we don't need the headers for it in the build image. (See note below about compiling runtimes.) - `libseccomp-dev`: Provides a high level interface to Linux seccomp filter. Was added in #105 to support a demo of an internal project that has since been abandoned (see https://github.com/heroku/build-team/issues/83). IMO this demo use-case should instead have used the APT buildpack instead of requesting addition to the base image while experimenting. - `libsemanage-dev`: For SELinux policy manipulation. This is not something app dependencies typically ever need to link against. - `libsystemd-dev`: Development files for SystemD. Not typically needed in a container context, plus not something app dependencies typically ever need to link against. Also, the `libsystemd0` lib is not present in the run image, so this wouldn't be usable at runtime anyway. - `libudev-dev`: For enumerating and introspecting local devices. Not useful in a container context. Note: For use-cases like compiling Python/Ruby/PHP binaries for upload to S3, any required headers (such as `libreadline-dev`) that aren't also needed for *application* dependencies should instead be installed in the image being used to compile those binaries, rather than being included in the build image here. GUS-W-15159536. * Add `libncurses6` to the run image Since it was present in Heroku-22 via a transitive dependency, but no longer pulled in on Heroku-24. --- heroku-24-build/installed-packages-amd64.txt | 16 ---------------- heroku-24-build/installed-packages-arm64.txt | 16 ---------------- heroku-24-build/setup.sh | 12 ------------ heroku-24/installed-packages-amd64.txt | 1 + heroku-24/installed-packages-arm64.txt | 1 + heroku-24/setup.sh | 1 + 6 files changed, 3 insertions(+), 44 deletions(-) diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index 6181401d..f62d3fdb 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -93,11 +93,9 @@ keyboxd krb5-multidev less libacl1 -libacl1-dev libaec0 libaom-dev libaom3 -libapt-pkg-dev libapt-pkg6.0t64 libarchive13t64 libargon2-1 @@ -107,9 +105,7 @@ libass9 libassuan0 libatomic1 libattr1 -libattr1-dev libaudit-common -libaudit-dev libaudit1 libbinutils libblkid-dev @@ -131,8 +127,6 @@ libcairo-gobject2 libcairo-script-interpreter2 libcairo2 libcairo2-dev -libcap-dev -libcap-ng-dev libcap-ng0 libcap2 libcap2-bin @@ -268,10 +262,7 @@ libk5crypto3 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 -libkeyutils-dev libkeyutils1 -libkmod-dev -libkmod2 libkrb5-3 libkrb5-dev libkrb5support0 @@ -324,7 +315,6 @@ libmpc3 libmpfr6 libmysqlclient-dev libmysqlclient21 -libncurses-dev libncurses6 libncursesw6 libnetpbm11t64 @@ -368,7 +358,6 @@ libpng-dev libpng16-16t64 libpoppler-glib8t64 libpoppler134 -libpopt-dev libpopt0 libpq-dev libpq5 @@ -382,7 +371,6 @@ libquadmath0 librabbitmq-dev librabbitmq4 libraw23t64 -libreadline-dev libreadline8t64 librhash0 librsvg2-2 @@ -394,12 +382,10 @@ libsasl2-2 libsasl2-dev libsasl2-modules libsasl2-modules-db -libseccomp-dev libseccomp2 libselinux1 libselinux1-dev libsemanage-common -libsemanage-dev libsemanage2 libsepol-dev libsepol2 @@ -421,7 +407,6 @@ libssl3t64 libstdc++-13-dev libstdc++6 libsvtav1enc1d1 -libsystemd-dev libsystemd0 libsz2 libtasn1-6 @@ -438,7 +423,6 @@ libtirpc3t64 libtool libtsan2 libubsan1 -libudev-dev libudev1 libunbound8 libunibreak5 diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index d5e032fd..be525658 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -89,11 +89,9 @@ keyboxd krb5-multidev less libacl1 -libacl1-dev libaec0 libaom-dev libaom3 -libapt-pkg-dev libapt-pkg6.0t64 libarchive13t64 libargon2-1 @@ -103,9 +101,7 @@ libass9 libassuan0 libatomic1 libattr1 -libattr1-dev libaudit-common -libaudit-dev libaudit1 libbinutils libblkid-dev @@ -127,8 +123,6 @@ libcairo-gobject2 libcairo-script-interpreter2 libcairo2 libcairo2-dev -libcap-dev -libcap-ng-dev libcap-ng0 libcap2 libcap2-bin @@ -261,10 +255,7 @@ libk5crypto3 libkadm5clnt-mit12 libkadm5srv-mit12 libkdb5-10t64 -libkeyutils-dev libkeyutils1 -libkmod-dev -libkmod2 libkrb5-3 libkrb5-dev libkrb5support0 @@ -317,7 +308,6 @@ libmpc3 libmpfr6 libmysqlclient-dev libmysqlclient21 -libncurses-dev libncurses6 libncursesw6 libnetpbm11t64 @@ -361,7 +351,6 @@ libpng-dev libpng16-16t64 libpoppler-glib8t64 libpoppler134 -libpopt-dev libpopt0 libpq-dev libpq5 @@ -374,7 +363,6 @@ libpython3.12-stdlib librabbitmq-dev librabbitmq4 libraw23t64 -libreadline-dev libreadline8t64 librhash0 librsvg2-2 @@ -386,12 +374,10 @@ libsasl2-2 libsasl2-dev libsasl2-modules libsasl2-modules-db -libseccomp-dev libseccomp2 libselinux1 libselinux1-dev libsemanage-common -libsemanage-dev libsemanage2 libsepol-dev libsepol2 @@ -413,7 +399,6 @@ libssl3t64 libstdc++-13-dev libstdc++6 libsvtav1enc1d1 -libsystemd-dev libsystemd0 libsz2 libtasn1-6 @@ -430,7 +415,6 @@ libtirpc3t64 libtool libtsan2 libubsan1 -libudev-dev libudev1 libunbound8 libunibreak5 diff --git a/heroku-24-build/setup.sh b/heroku-24-build/setup.sh index 78730f97..9bcd6976 100755 --- a/heroku-24-build/setup.sh +++ b/heroku-24-build/setup.sh @@ -13,15 +13,11 @@ packages=( gettext # Internationalization utils used by Django, Rails etc. git jq - libacl1-dev - libapt-pkg-dev libargon2-dev - libaudit-dev libbsd-dev libbz2-dev libc-client2007e-dev libcairo2-dev - libcap-dev libcurl4-openssl-dev libdb-dev libev-dev @@ -37,8 +33,6 @@ packages=( libicu-dev libidn-dev libjpeg-dev - libkeyutils-dev - libkmod-dev libkrb5-dev libldap-dev liblz4-dev @@ -50,18 +44,12 @@ packages=( libmysqlclient-dev libnetpbm10-dev libonig-dev - libpopt-dev libpq-dev librabbitmq-dev - libreadline-dev librtmp-dev - libseccomp-dev - libsemanage-dev libsodium-dev libssl-dev - libsystemd-dev libtool - libudev-dev libuv1-dev libwrap0-dev libxml2-dev diff --git a/heroku-24/installed-packages-amd64.txt b/heroku-24/installed-packages-amd64.txt index d9f8f8ab..7830049c 100644 --- a/heroku-24/installed-packages-amd64.txt +++ b/heroku-24/installed-packages-amd64.txt @@ -170,6 +170,7 @@ libmnl0 libmount1 libmp3lame0 libmysqlclient21 +libncurses6 libncursesw6 libnettle8t64 libnghttp2-14 diff --git a/heroku-24/installed-packages-arm64.txt b/heroku-24/installed-packages-arm64.txt index d9f8f8ab..7830049c 100644 --- a/heroku-24/installed-packages-arm64.txt +++ b/heroku-24/installed-packages-arm64.txt @@ -170,6 +170,7 @@ libmnl0 libmount1 libmp3lame0 libmysqlclient21 +libncurses6 libncursesw6 libnettle8t64 libnghttp2-14 diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index bf515675..fc921884 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -72,6 +72,7 @@ packages=( libmemcached11 # Used by the PHP Memcached extension. libmp3lame0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. libmysqlclient21 + libncurses6 # Used by the Ruby runtime. libonig5 # Used by the PHP runtime. libopencore-amrnb0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. libopencore-amrwb0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. From 3043e28c11ef219185904009c3e2b0d0d59bcbbd Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Tue, 7 May 2024 16:45:35 +0100 Subject: [PATCH 14/25] Heroku-24: Remove libmcrypt4 / libmcrypt-dev (#298) Since they were added in #149 only for the PHP buildpack's benefit, however, are no longer used by PHP as of PHP 7.2+: https://github.com/heroku/heroku-buildpack-php/commit/0ce0fc5567770a3a7a8a81fd6b27fb055a2034d2#diff-a8ff7bd14bd2bddfbf6e7c733a14badb0e7a4d566abbfd4d20948dfc998b6a87L59 The few bindings I could find for other langs are all (a) not popular, (b) in a state of disrepair, eg: https://github.com/tugrul/node-mcrypt (last commit 5 years ago) https://github.com/kingpong/ruby-mcrypt (last commit 7 years ago) (Which is not surprising given much better alternatives exist, such as Sodium, which is already in the base image.) GUS-W-15159536. --- heroku-24-build/installed-packages-amd64.txt | 2 -- heroku-24-build/installed-packages-arm64.txt | 2 -- heroku-24-build/setup.sh | 1 - heroku-24/installed-packages-amd64.txt | 1 - heroku-24/installed-packages-arm64.txt | 1 - heroku-24/setup.sh | 1 - 6 files changed, 8 deletions(-) diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index f62d3fdb..c3ae7257 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -300,8 +300,6 @@ libmagickwand-6.q16-dev libmagickwand-dev libmatio11 libmaxminddb0 -libmcrypt-dev -libmcrypt4 libmd-dev libmd0 libmemcached-dev diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index be525658..dc8f8367 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -293,8 +293,6 @@ libmagickwand-6.q16-dev libmagickwand-dev libmatio11 libmaxminddb0 -libmcrypt-dev -libmcrypt4 libmd-dev libmd0 libmemcached-dev diff --git a/heroku-24-build/setup.sh b/heroku-24-build/setup.sh index 9bcd6976..3c596542 100755 --- a/heroku-24-build/setup.sh +++ b/heroku-24-build/setup.sh @@ -39,7 +39,6 @@ packages=( liblzf-dev libmagic-dev libmagickwand-dev - libmcrypt-dev libmemcached-dev libmysqlclient-dev libnetpbm10-dev diff --git a/heroku-24/installed-packages-amd64.txt b/heroku-24/installed-packages-amd64.txt index 7830049c..316500a3 100644 --- a/heroku-24/installed-packages-amd64.txt +++ b/heroku-24/installed-packages-amd64.txt @@ -163,7 +163,6 @@ libmagickcore-6.q16-7t64 libmagickwand-6.q16-7t64 libmatio11 libmaxminddb0 -libmcrypt4 libmd0 libmemcached11t64 libmnl0 diff --git a/heroku-24/installed-packages-arm64.txt b/heroku-24/installed-packages-arm64.txt index 7830049c..316500a3 100644 --- a/heroku-24/installed-packages-arm64.txt +++ b/heroku-24/installed-packages-arm64.txt @@ -163,7 +163,6 @@ libmagickcore-6.q16-7t64 libmagickwand-6.q16-7t64 libmatio11 libmaxminddb0 -libmcrypt4 libmd0 libmemcached11t64 libmnl0 diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index fc921884..29e98544 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -68,7 +68,6 @@ packages=( libharfbuzz-icu0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. liblzf1 # Used by the PHP Redis extension. libmagickcore-6.q16-7-extra # Used by the PHP Imagick extension (using the `-extra` package for SVG support). - libmcrypt4 libmemcached11 # Used by the PHP Memcached extension. libmp3lame0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. libmysqlclient21 From 9c46869951a6709869f95fa05f399f9552fa26f0 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Wed, 8 May 2024 14:48:04 +0100 Subject: [PATCH 15/25] Heroku-24: Remove `geoip-database` / `libgeoip-dev` (#299) Since: * It's a niche package, that appears to only be installed since it was a transitive dependency of `dnsutils` in Cedar-14, which was then copied to Heroku-16 as an explicit dependency along with a number of others, when that stack was added. * The `libgeoip1` library (that is needed along with `geoip-database` to actually use it) has been missing from the run image since Heroku-20, and no one has noticed its absence. * It reduces the the run/build image sizes by ~10 MB. See: https://packages.ubuntu.com/noble/geoip-database https://packages.ubuntu.com/noble/libgeoip-dev Towards #266. GUS-W-15159536. --- heroku-24-build/installed-packages-amd64.txt | 4 ---- heroku-24-build/installed-packages-arm64.txt | 4 ---- heroku-24-build/setup.sh | 1 - heroku-24/installed-packages-amd64.txt | 1 - heroku-24/installed-packages-arm64.txt | 1 - heroku-24/setup.sh | 1 - 6 files changed, 12 deletions(-) diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index c3ae7257..9d414bce 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -52,8 +52,6 @@ gcc-13-base gcc-13-x86-64-linux-gnu gcc-14-base gcc-x86-64-linux-gnu -geoip-bin -geoip-database gettext gettext-base gir1.2-freedesktop @@ -195,8 +193,6 @@ libgdk-pixbuf-2.0-0 libgdk-pixbuf-2.0-dev libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common -libgeoip-dev -libgeoip1t64 libgirepository-1.0-1 libgirepository-1.0-dev libgirepository-2.0-0 diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index dc8f8367..83f9da00 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -52,8 +52,6 @@ gcc-13-aarch64-linux-gnu gcc-13-base gcc-14-base gcc-aarch64-linux-gnu -geoip-bin -geoip-database gettext gettext-base gir1.2-freedesktop @@ -191,8 +189,6 @@ libgdk-pixbuf-2.0-0 libgdk-pixbuf-2.0-dev libgdk-pixbuf2.0-bin libgdk-pixbuf2.0-common -libgeoip-dev -libgeoip1t64 libgirepository-2.0-0 libglib2.0-0t64 libglib2.0-bin diff --git a/heroku-24-build/setup.sh b/heroku-24-build/setup.sh index 3c596542..f21e3565 100755 --- a/heroku-24-build/setup.sh +++ b/heroku-24-build/setup.sh @@ -27,7 +27,6 @@ packages=( libgcrypt20-dev libgd-dev libgdbm-dev - libgeoip-dev libgnutls28-dev libheif-dev libicu-dev diff --git a/heroku-24/installed-packages-amd64.txt b/heroku-24/installed-packages-amd64.txt index 316500a3..297dd6f2 100644 --- a/heroku-24/installed-packages-amd64.txt +++ b/heroku-24/installed-packages-amd64.txt @@ -27,7 +27,6 @@ fontconfig-config fonts-dejavu-core fonts-dejavu-mono gcc-14-base -geoip-database gettext-base gir1.2-freedesktop gir1.2-glib-2.0 diff --git a/heroku-24/installed-packages-arm64.txt b/heroku-24/installed-packages-arm64.txt index 316500a3..297dd6f2 100644 --- a/heroku-24/installed-packages-arm64.txt +++ b/heroku-24/installed-packages-arm64.txt @@ -27,7 +27,6 @@ fontconfig-config fonts-dejavu-core fonts-dejavu-mono gcc-14-base -geoip-database gettext-base gir1.2-freedesktop gir1.2-glib-2.0 diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index 29e98544..71c559f8 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -42,7 +42,6 @@ packages=( bzip2 curl file - geoip-database gettext-base # For `envsubst`. gir1.2-harfbuzz-0.0 # Used by FFmpeg in heroku-buildpack-activestorage-preview. gnupg From 4b93228e00cfe43bcc29410e0bd7c8be8163a8be Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Wed, 8 May 2024 21:36:04 +0100 Subject: [PATCH 16/25] Improvements to Java certificates store creation (#300) Even though the base images intentionally don't ship with a JRE, we include the Java certificates store in the image, so that the JVM buildpacks can configure Java apps to use it instead of the one that ships in each JRE release. This allows the Java certs store to be updated via base image updates, like the non-Java `ca-certificates` package. For older Ubuntu versions, the `ca-certificates-java` package explicitly depended on a JRE, meaning we had to install both a JRE and `ca-certificates-java`, then remove both in a way that left the certs store (which is generated via a post-install trigger) behind. This leaves the package in a "removed but not purged" state, which can be seen via the `package status: config-files` in `installed-packages*.txt`. However, as of Ubuntu 24.04, the `ca-certificates-java` package no longer has an explicit dependency on a JRE, meaning we can remove the JRE without causing `ca-certificates-java` to be uninstalled transitively. As such for Heroku-24, the `apt-get remove ca-certificates-java` step can be removed. In addition, the upstream java certs store JKS vs PKCS12 format bug (that was the reason the JRE version was pinned to v8) has long since been fixed (in 2018), so for Heroku-24 we can safely switch back to using `default-jre-headless` (which for Ubuntu 24.04 maps to JRE v21). Lastly, for Heroku-20/22 I've backported some of the no-op comment /command streamlining improvements (but otherwise the changes there are a no-op). GUS-W-15713117. --- heroku-20/setup.sh | 21 ++++++++++++-------- heroku-22/setup.sh | 21 ++++++++++++-------- heroku-24-build/installed-packages-amd64.txt | 2 +- heroku-24-build/installed-packages-arm64.txt | 2 +- heroku-24/installed-packages-amd64.txt | 2 +- heroku-24/installed-packages-arm64.txt | 2 +- heroku-24/setup.sh | 21 ++++++++++---------- 7 files changed, 41 insertions(+), 30 deletions(-) diff --git a/heroku-20/setup.sh b/heroku-20/setup.sh index e11f90d2..ddf7c7a4 100755 --- a/heroku-20/setup.sh +++ b/heroku-20/setup.sh @@ -157,16 +157,21 @@ apt-get install -y --no-install-recommends "${packages[@]}" cp /build/imagemagick-policy.xml /etc/ImageMagick-6/policy.xml -# Temporarily install ca-certificates-java to generate the certificates store used -# by Java apps. Generation occurs in a post-install script which requires a JRE. -# We're using OpenJDK 8 rather than something newer, to work around: -# https://github.com/heroku/base-images/pull/103#issuecomment-389544431 +# Install ca-certificates-java so that the JVM buildpacks can configure Java apps to use the Java certs +# store in the base image instead of the one that ships in each JRE release, allowing certs to be updated +# via base image updates. Generation of the `cacerts` file occurs in a post-install script which requires +# a JRE, however, we don't want a JRE in the final image so remove it afterwards. apt-get install -y --no-install-recommends ca-certificates-java openjdk-8-jre-headless -# Using remove rather than purge so that the generated certs are left behind. +# For Ubuntu versions prior to 24.04 the ca-certificates-java package has a direct dependency on a JRE, so +# we can't remove the JRE without also removing ca-certificates-java. However, we can work around this by +# not using `--purge` when removing ca-certificates-java, which leaves behind the generated certs store. apt-get remove -y ca-certificates-java -apt-get purge -y openjdk-8-jre-headless -apt-get autoremove -y --purge -test "$(file -b /etc/ssl/certs/java/cacerts)" = "Java KeyStore" +apt-get remove -y --purge --auto-remove openjdk-8-jre-headless +# Check that the certs store (a) wasn't purged during removal of ca-certificates-java, (b) uses the JKS +# format not PKCS12, since in the past there was an upstream regression for this: +# https://github.com/heroku/base-images/pull/103#issuecomment-389544431 +# https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1771363 +test "$(file --brief /etc/ssl/certs/java/cacerts)" = "Java KeyStore" rm -rf /root/* rm -rf /tmp/* diff --git a/heroku-22/setup.sh b/heroku-22/setup.sh index cda1bb7e..8d6acabb 100755 --- a/heroku-22/setup.sh +++ b/heroku-22/setup.sh @@ -159,16 +159,21 @@ apt-get install -y --no-install-recommends "${packages[@]}" cp /build/imagemagick-policy.xml /etc/ImageMagick-6/policy.xml -# Temporarily install ca-certificates-java to generate the certificates store used -# by Java apps. Generation occurs in a post-install script which requires a JRE. -# We're using OpenJDK 8 rather than something newer, to work around: -# https://github.com/heroku/base-images/pull/103#issuecomment-389544431 +# Install ca-certificates-java so that the JVM buildpacks can configure Java apps to use the Java certs +# store in the base image instead of the one that ships in each JRE release, allowing certs to be updated +# via base image updates. Generation of the `cacerts` file occurs in a post-install script which requires +# a JRE, however, we don't want a JRE in the final image so remove it afterwards. apt-get install -y --no-install-recommends ca-certificates-java openjdk-8-jre-headless -# Using remove rather than purge so that the generated certs are left behind. +# For Ubuntu versions prior to 24.04 the ca-certificates-java package has a direct dependency on a JRE, so +# we can't remove the JRE without also removing ca-certificates-java. However, we can work around this by +# not using `--purge` when removing ca-certificates-java, which leaves behind the generated certs store. apt-get remove -y ca-certificates-java -apt-get purge -y openjdk-8-jre-headless -apt-get autoremove -y --purge -test "$(file -b /etc/ssl/certs/java/cacerts)" = "Java KeyStore" +apt-get remove -y --purge --auto-remove openjdk-8-jre-headless +# Check that the certs store (a) wasn't purged during removal of ca-certificates-java, (b) uses the JKS +# format not PKCS12, since in the past there was an upstream regression for this: +# https://github.com/heroku/base-images/pull/103#issuecomment-389544431 +# https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1771363 +test "$(file --brief /etc/ssl/certs/java/cacerts)" = "Java KeyStore" rm -rf /root/* rm -rf /tmp/* diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index 9d414bce..ddc52cb7 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -18,7 +18,7 @@ bsdutils build-essential bzip2 ca-certificates -ca-certificates-java (package status: config-files) +ca-certificates-java cmake cmake-data comerr-dev diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index 83f9da00..23944b9f 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -18,7 +18,7 @@ bsdutils build-essential bzip2 ca-certificates -ca-certificates-java (package status: config-files) +ca-certificates-java cmake cmake-data comerr-dev diff --git a/heroku-24/installed-packages-amd64.txt b/heroku-24/installed-packages-amd64.txt index 297dd6f2..bde28d72 100644 --- a/heroku-24/installed-packages-amd64.txt +++ b/heroku-24/installed-packages-amd64.txt @@ -10,7 +10,7 @@ bind9-libs bsdutils bzip2 ca-certificates -ca-certificates-java (package status: config-files) +ca-certificates-java coreutils curl dash diff --git a/heroku-24/installed-packages-arm64.txt b/heroku-24/installed-packages-arm64.txt index 297dd6f2..bde28d72 100644 --- a/heroku-24/installed-packages-arm64.txt +++ b/heroku-24/installed-packages-arm64.txt @@ -10,7 +10,7 @@ bind9-libs bsdutils bzip2 ca-certificates -ca-certificates-java (package status: config-files) +ca-certificates-java coreutils curl dash diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index 71c559f8..e768ed3a 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -119,16 +119,17 @@ apt-get install -y --no-install-recommends "${packages[@]}" # https://github.com/docker-library/docs/blob/master/ubuntu/README.md#locales locale-gen en_US.UTF-8 -# Temporarily install ca-certificates-java to generate the certificates store used -# by Java apps. Generation occurs in a post-install script which requires a JRE. -# We're using OpenJDK 8 rather than something newer, to work around: -# https://github.com/heroku/stack-images/pull/103#issuecomment-389544431 -apt-get install -y --no-install-recommends ca-certificates-java openjdk-8-jre-headless -# Using remove rather than purge so that the generated certs are left behind. -apt-get remove -y ca-certificates-java -apt-get purge -y openjdk-8-jre-headless -apt-get autoremove -y --purge -test "$(file -b /etc/ssl/certs/java/cacerts)" = "Java KeyStore" +# Install ca-certificates-java so that the JVM buildpacks can configure Java apps to use the Java certs +# store in the base image instead of the one that ships in each JRE release, allowing certs to be updated +# via base image updates. Generation of the `cacerts` file occurs in a post-install script which only runs +# if a JRE is installed, however, we don't want a JRE in the final image so remove it afterwards. +apt-get install -y --no-install-recommends ca-certificates-java default-jre-headless +apt-get remove -y --purge --auto-remove default-jre-headless +# Check that the certs store (a) still exists after the removal of default-jre-headless, (b) uses the JKS +# format not PKCS12, since in the past there was an upstream regression for this: +# https://github.com/heroku/base-images/pull/103#issuecomment-389544431 +# https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1771363 +test "$(file --brief /etc/ssl/certs/java/cacerts)" = "Java KeyStore" # Ubuntu 24.04 ships with a default user and group named 'ubuntu' (with user+group ID of 1000) # that we have to remove before creating our own (`userdel` will remove the group too). From 47e44bafbac436fd1be411610ba5368b08445cd2 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Mon, 13 May 2024 17:28:56 +0100 Subject: [PATCH 17/25] Heroku-24: Remove `libnetpbm10-dev` (#301) Since: - The `libnetpbm10-dev` package is actually an empty virtual package, - The runtime library it pulls in (`libnetpbm11`) isn't in any of our run images (all the way back to Heroku-18), meaning it's not actually usable at runtime anyway, and yet no one has reported its absence in the last 6 years. Towards #266. GUS-W-15159536. --- heroku-24-build/installed-packages-amd64.txt | 1 - heroku-24-build/installed-packages-arm64.txt | 1 - heroku-24-build/setup.sh | 1 - 3 files changed, 3 deletions(-) diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index ddc52cb7..2abcb061 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -311,7 +311,6 @@ libmysqlclient-dev libmysqlclient21 libncurses6 libncursesw6 -libnetpbm11t64 libnettle8t64 libnghttp2-14 libnpth0t64 diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index 23944b9f..806d8d10 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -304,7 +304,6 @@ libmysqlclient-dev libmysqlclient21 libncurses6 libncursesw6 -libnetpbm11t64 libnettle8t64 libnghttp2-14 libnpth0t64 diff --git a/heroku-24-build/setup.sh b/heroku-24-build/setup.sh index f21e3565..d3fb1300 100755 --- a/heroku-24-build/setup.sh +++ b/heroku-24-build/setup.sh @@ -40,7 +40,6 @@ packages=( libmagickwand-dev libmemcached-dev libmysqlclient-dev - libnetpbm10-dev libonig-dev libpq-dev librabbitmq-dev From 1f2e589eb71074ea9e332956bfdf468bbe52591a Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Mon, 13 May 2024 17:34:51 +0100 Subject: [PATCH 18/25] Heroku-24: Remove `libgcrypt20-dev` (#302) Since: - All of the language bindings I could find for it were unpopular and not actively maintained. For example: - Ruby: https://github.com/chrisliaw/gcrypt (last commit 3 years ago, 0 stars, not published to rubygems.org) - Python: https://framagit.org/okhin/pygcrypt/ (last commit 6 years ago, 0 stars, close to zero PyPI downloads excl mirrors syncing) - It's the dev package for the library extracted from GnuPG, and it's much more common for use-cases to interact with the `gpg` CLI directly. eg: https://github.com/vsajip/python-gnupg (8 million downloads/month) which uses the CLI instead. See: https://packages.ubuntu.com/noble/libgcrypt20-dev https://gnupg.org/software/libgcrypt/ Towards #266. GUS-W-15159536. --- heroku-24-build/installed-packages-amd64.txt | 2 -- heroku-24-build/installed-packages-arm64.txt | 2 -- heroku-24-build/setup.sh | 1 - 3 files changed, 5 deletions(-) diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index 2abcb061..d00c0f3f 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -183,7 +183,6 @@ libfribidi0 libgcc-13-dev libgcc-s1 libgcrypt20 -libgcrypt20-dev libgd-dev libgd3 libgdbm-compat4t64 @@ -210,7 +209,6 @@ libgnutls-openssl27t64 libgnutls28-dev libgnutls30t64 libgomp1 -libgpg-error-dev libgpg-error0 libgprofng0 libgraphite2-3 diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index 806d8d10..35227e83 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -179,7 +179,6 @@ libfribidi0 libgcc-13-dev libgcc-s1 libgcrypt20 -libgcrypt20-dev libgd-dev libgd3 libgdbm-compat4t64 @@ -203,7 +202,6 @@ libgnutls-openssl27t64 libgnutls28-dev libgnutls30t64 libgomp1 -libgpg-error-dev libgpg-error0 libgprofng0 libgraphite2-3 diff --git a/heroku-24-build/setup.sh b/heroku-24-build/setup.sh index d3fb1300..0c71214c 100755 --- a/heroku-24-build/setup.sh +++ b/heroku-24-build/setup.sh @@ -24,7 +24,6 @@ packages=( libevent-dev libexif-dev libffi-dev - libgcrypt20-dev libgd-dev libgdbm-dev libgnutls28-dev From a93488761874bd3e2d7bf1d2be7c4800760b89c5 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Mon, 13 May 2024 17:45:50 +0100 Subject: [PATCH 19/25] Heroku-24: Remove `libdb-dev` (#303) Since: - This is the dev package for `libdb5.3`, a lib for Berkeley DB, which as DBs go is fairly obscure. - The main reason this is in the base image, is since the Python stdlib contains a module for Berkeley DB (`dbm.ndbm`), however, we don't need the headers in the build image for that (since they can be installed in the image where the Python runtimes are built instead). - There are very few language bindings for `libdb`, and those I could find were unpopular and not actively maintained. eg: https://github.com/ruby-bdb/bdb (38 stars, last commit and rubygems.org release in 2011) See: https://packages.ubuntu.com/noble/libdb-dev Towards #266. GUS-W-15159536. --- heroku-24-build/installed-packages-amd64.txt | 2 -- heroku-24-build/installed-packages-arm64.txt | 2 -- heroku-24-build/setup.sh | 1 - 3 files changed, 5 deletions(-) diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index d00c0f3f..3c8c73fe 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -143,8 +143,6 @@ libcurl4t64 libdatrie1 libdav1d-dev libdav1d7 -libdb-dev -libdb5.3-dev libdb5.3t64 libde265-0 libde265-dev diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index 35227e83..2de3cb40 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -139,8 +139,6 @@ libcurl4t64 libdatrie1 libdav1d-dev libdav1d7 -libdb-dev -libdb5.3-dev libdb5.3t64 libde265-0 libde265-dev diff --git a/heroku-24-build/setup.sh b/heroku-24-build/setup.sh index 0c71214c..eb991d21 100755 --- a/heroku-24-build/setup.sh +++ b/heroku-24-build/setup.sh @@ -19,7 +19,6 @@ packages=( libc-client2007e-dev libcairo2-dev libcurl4-openssl-dev - libdb-dev libev-dev libevent-dev libexif-dev From c1d6c68e4fbf05d966965c772bca0c8466de2116 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Mon, 13 May 2024 17:51:47 +0100 Subject: [PATCH 20/25] Heroku-24: Remove `libc-client2007e-dev` (#304) Since: - It was added in #146 along with the `libc-client2007e` runtime library for use by PHP, however, for PHP's use-case (binary compilation) the headers don't need to be in the build image itself, but can instead be installed during the PHP binary build process. - There are no other popular `libc-client2007e` bindings for languages other than PHP that use these headers. (Compared to the other LDAP library already in the build image, `libldap-dev`, for which there are several popular bindings.) See: https://packages.ubuntu.com/noble/libc-client2007e-dev Towards #266. GUS-W-15159536. --- heroku-24-build/installed-packages-amd64.txt | 2 -- heroku-24-build/installed-packages-arm64.txt | 2 -- heroku-24-build/setup.sh | 1 - 3 files changed, 5 deletions(-) diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index 3c8c73fe..1861ca0a 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -117,7 +117,6 @@ libbz2-1.0 libbz2-dev libc-bin libc-client2007e -libc-client2007e-dev libc-dev-bin libc6 libc6-dev @@ -330,7 +329,6 @@ libpam-modules libpam-modules-bin libpam-runtime libpam0g -libpam0g-dev libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index 2de3cb40..5953d26a 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -113,7 +113,6 @@ libbz2-1.0 libbz2-dev libc-bin libc-client2007e -libc-client2007e-dev libc-dev-bin libc6 libc6-dev @@ -323,7 +322,6 @@ libpam-modules libpam-modules-bin libpam-runtime libpam0g -libpam0g-dev libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 diff --git a/heroku-24-build/setup.sh b/heroku-24-build/setup.sh index eb991d21..2d401e07 100755 --- a/heroku-24-build/setup.sh +++ b/heroku-24-build/setup.sh @@ -16,7 +16,6 @@ packages=( libargon2-dev libbsd-dev libbz2-dev - libc-client2007e-dev libcairo2-dev libcurl4-openssl-dev libev-dev From 05e8c01d638debebdde0df3f47cf0d5c4a79539f Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Tue, 14 May 2024 14:13:44 +0100 Subject: [PATCH 21/25] Add Heroku-24 to the README (#305) Now that Ubuntu 24.04 is GA, and we've finished with the package cleanups/removals, we can add Heroku-24 to the README. It's listed as "In Development" for now (similar to the CNB builder image repo README) since Heroku-24 itself isn't yet GA and not all buildpacks support the new stack yet. I've also: - Removed mention of Heroku-18, since it EOLed over a year ago. - Added new columns for "Supported Architectures" and "Default USER", given that these vary across images. - Removed the "Base" column since (a) the table is otherwise too wide to fit when rendered on the repo homepage on GitHub, (b) that information was the least useful of everything else (and also IMO potentially confused as many people as it helped, given it might be confused with the very similar tag names in the "Image" column). - Added explanations about the build and CNB image variants. - Documented how to handle the non-root default users. GUS-W-15756540. --- README.md | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index cdab9223..14ab9f1d 100644 --- a/README.md +++ b/README.md @@ -5,20 +5,28 @@ This repository holds recipes for building the base images for [Heroku stacks](https://devcenter.heroku.com/articles/stack). The recipes are also rendered into Docker images that are available on Docker Hub: -| Image | Base | Type | Status | -|-------------------------------------------|---------------------------------------|--------------------|-------------| -| [heroku/heroku:18][heroku-tags] | [ubuntu:18.04][ubuntu-tags] | Heroku Run Image | End-of-life | -| [heroku/heroku:18-build][heroku-tags] | [heroku/heroku:18][heroku-tags] | Heroku Build Image | End-of-life | -| [heroku/heroku:18-cnb][heroku-tags] | [heroku/heroku:18][heroku-tags] | CNB Run Image | End-of-life | -| [heroku/heroku:18-cnb-build][heroku-tags] | [heroku/heroku:18-build][heroku-tags] | CNB Build Image | End-of-life | -| [heroku/heroku:20][heroku-tags] | [ubuntu:20.04][ubuntu-tags] | Heroku Run Image | Available | -| [heroku/heroku:20-build][heroku-tags] | [heroku/heroku:20][heroku-tags] | Heroku Build Image | Available | -| [heroku/heroku:20-cnb][heroku-tags] | [heroku/heroku:20][heroku-tags] | CNB Run Image | Available | -| [heroku/heroku:20-cnb-build][heroku-tags] | [heroku/heroku:20-build][heroku-tags] | CNB Build Image | Available | -| [heroku/heroku:22][heroku-tags] | [ubuntu:22.04][ubuntu-tags] | Heroku Run Image | Recommended | -| [heroku/heroku:22-build][heroku-tags] | [heroku/heroku:22][heroku-tags] | Heroku Build Image | Recommended | -| [heroku/heroku:22-cnb][heroku-tags] | [heroku/heroku:22][heroku-tags] | CNB Run Image | Recommended | -| [heroku/heroku:22-cnb-build][heroku-tags] | [heroku/heroku:22-build][heroku-tags] | CNB Build Image | Recommended | +| Image | Type | OS | Supported Architectures | Default `USER` | Status | +|-------------------------------------------|------------------------|--------------|-------------------------|----------------| ----------------| +| [heroku/heroku:20][heroku-tags] | Heroku Run Image | Ubuntu 20.04 | AMD64 | `root` | Available | +| [heroku/heroku:20-build][heroku-tags] | Heroku Build Image | Ubuntu 20.04 | AMD64 | `root` | Available | +| [heroku/heroku:20-cnb][heroku-tags] | CNB Run Image | Ubuntu 20.04 | AMD64 | `heroku` | Available | +| [heroku/heroku:20-cnb-build][heroku-tags] | CNB Build Image | Ubuntu 20.04 | AMD64 | `heroku` | Available | +| [heroku/heroku:22][heroku-tags] | Heroku Run Image | Ubuntu 22.04 | AMD64 | `root` | Recommended | +| [heroku/heroku:22-build][heroku-tags] | Heroku Build Image | Ubuntu 22.04 | AMD64 | `root` | Recommended | +| [heroku/heroku:22-cnb][heroku-tags] | CNB Run Image | Ubuntu 22.04 | AMD64 | `heroku` | Available | +| [heroku/heroku:22-cnb-build][heroku-tags] | CNB Build Image | Ubuntu 22.04 | AMD64 | `heroku` | Available | +| [heroku/heroku:24][heroku-tags] | Heroku/CNB Run Image | Ubuntu 24.04 | AMD64 + ARM64 | `heroku` | In Development | +| [heroku/heroku:24-build][heroku-tags] | Heroku/CNB Build Image | Ubuntu 24.04 | AMD64 + ARM64 | `heroku` | In Development | + +The build image variants use the run images as their base, but include additional packages needed +at build time such as development headers and compilation toolchains. + +The CNB image variants contain additional metadata and changes required to make them compatible with +Heroku's Cloud Native Buildpacks [builder images](https://github.com/heroku/cnb-builder-images). + +For images where the default `USER` is `heroku`, you will need to switch back to the `root` user when +modifying locations other then `/home/heroku` and `/tmp`. You can do this by adding `USER root` to +your `Dockerfile` when building images, or by passing `--user root` to any `docker run` invocations. ### Learn more From ce3c7ee17307776f393b8f7fd6c8cb0221719264 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Tue, 21 May 2024 23:49:55 +0100 Subject: [PATCH 22/25] Heroku-24: Add `binutils` to the run image (#306) Python's `ctypes.util.find_library` is used to find libraries at runtime. `find_library()` calls out to various external programs to help with this task, initially trying `ldconfig`, and then falling back to `gcc` and `ld` if needed - as documented here: https://docs.python.org/3/library/ctypes.html#finding-shared-libraries Even after the removal of compilation tools from the run image in #273, `ldconfig` still exists in the run image, so libraries can still be found by `ctypes.util.find_library` in the base image. However, whilst the `find_library()` docs say that it supports `LD_LIBRARY_PATH`, the docs fail to mention that the env var is only honoured when `ld` can be found: https://github.com/python/cpython/blob/e870c852c0ea96fa4e4569e9c39c7ceb80ce858d/Lib/ctypes/util.py#L315-L320 As such, when only `ldconfig` is available, `find_library()` only returns libraries from the base image, and not any installed via eg the APT or other buildpacks (which rely upon `LD_LIBRARY_PATH` since they have to do userland "installs" of libraries due to not having root permissions). One such popular use of `ctypes.util.find_library` is in Django's GIS feature, which uses it to locate the GDAL library at runtime: https://github.com/django/django/blob/4971a9afe5642569f3dcfcd3972ebb39e88dd457/django/contrib/gis/gdal/libgdal.py#L53-L66 Therefore, we sadly have to include `binutils` in the run image after all - though thankfully doing so only forgoes 19 MB of the original 203 MB run image size reduction from removing `gcc`, `make` and `libc6-dev`. GUS-W-15821115. --- heroku-24/installed-packages-amd64.txt | 9 +++++++++ heroku-24/installed-packages-arm64.txt | 9 +++++++++ heroku-24/setup.sh | 1 + 3 files changed, 19 insertions(+) diff --git a/heroku-24/installed-packages-amd64.txt b/heroku-24/installed-packages-amd64.txt index bde28d72..fa6e2b3d 100644 --- a/heroku-24/installed-packages-amd64.txt +++ b/heroku-24/installed-packages-amd64.txt @@ -7,6 +7,9 @@ bash bind9-dnsutils bind9-host bind9-libs +binutils +binutils-common +binutils-x86-64-linux-gnu bsdutils bzip2 ca-certificates @@ -62,6 +65,7 @@ libassuan0 libattr1 libaudit-common libaudit1 +libbinutils libblkid1 libbpf1 libbrotli1 @@ -80,6 +84,8 @@ libcfitsio10t64 libcgif0 libcom-err2 libcrypt1 +libctf-nobfd0 +libctf0 libcurl3t64-gnutls libcurl4t64 libdatrie1 @@ -120,6 +126,7 @@ libgnutls-openssl27t64 libgnutls30t64 libgomp1 libgpg-error0 +libgprofng0 libgraphite2-3 libgssapi-krb5-2 libharfbuzz-gobject0 @@ -136,6 +143,7 @@ libicu74 libidn2-0 libimagequant0 libimath-3-1-29t64 +libjansson4 libjbig0 libjpeg-turbo8 libjpeg8 @@ -216,6 +224,7 @@ libselinux1 libsemanage-common libsemanage2 libsepol2 +libsframe1 libsharpyuv0 libsmartcols1 libsodium23 diff --git a/heroku-24/installed-packages-arm64.txt b/heroku-24/installed-packages-arm64.txt index bde28d72..3029a59b 100644 --- a/heroku-24/installed-packages-arm64.txt +++ b/heroku-24/installed-packages-arm64.txt @@ -7,6 +7,9 @@ bash bind9-dnsutils bind9-host bind9-libs +binutils +binutils-aarch64-linux-gnu +binutils-common bsdutils bzip2 ca-certificates @@ -62,6 +65,7 @@ libassuan0 libattr1 libaudit-common libaudit1 +libbinutils libblkid1 libbpf1 libbrotli1 @@ -80,6 +84,8 @@ libcfitsio10t64 libcgif0 libcom-err2 libcrypt1 +libctf-nobfd0 +libctf0 libcurl3t64-gnutls libcurl4t64 libdatrie1 @@ -120,6 +126,7 @@ libgnutls-openssl27t64 libgnutls30t64 libgomp1 libgpg-error0 +libgprofng0 libgraphite2-3 libgssapi-krb5-2 libharfbuzz-gobject0 @@ -136,6 +143,7 @@ libicu74 libidn2-0 libimagequant0 libimath-3-1-29t64 +libjansson4 libjbig0 libjpeg-turbo8 libjpeg8 @@ -216,6 +224,7 @@ libselinux1 libsemanage-common libsemanage2 libsepol2 +libsframe1 libsharpyuv0 libsmartcols1 libsodium23 diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index e768ed3a..8dc161de 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -39,6 +39,7 @@ apt-get upgrade -y --no-install-recommends packages=( bind9-dnsutils # For `dig`, `host` and `nslookup`. + binutils # Python's `ctypes.util.find_library` requires `ld` to find libraries specified via `LD_LIBRARY_PATH`. bzip2 curl file From 6577a2dc8489648c3195743dfc6e428310f532e4 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Wed, 22 May 2024 10:59:29 +0100 Subject: [PATCH 23/25] Add `c-ares` to the run image for all stacks (#307) So that PgBouncer can use its recommended `c-ares` based DNS backend: https://github.com/heroku/heroku-buildpack-pgbouncer/issues/188 https://www.pgbouncer.org/install.html https://c-ares.org/ The package is named `libcares2` on Heroku-24 and `libc-ares2` on older stacks: https://packages.ubuntu.com/noble/libcares2 https://packages.ubuntu.com/jammy/libc-ares2 https://packages.ubuntu.com/focal/libc-ares2 This only adds ~200 KB to the run image. I've not added the corresponding headers to the build image, since: - For the PgBouncer use-case they can instead be installed in the build environment used to compile the PgBouncer binaries. - There don't seem to be many popular `c-ares` language bindings that people might use directly in their apps. GUS-W-15826387. --- heroku-20-build/installed-packages.txt | 1 + heroku-20/installed-packages.txt | 1 + heroku-20/setup.sh | 1 + heroku-22-build/installed-packages.txt | 1 + heroku-22/installed-packages.txt | 1 + heroku-22/setup.sh | 1 + heroku-24-build/installed-packages-amd64.txt | 1 + heroku-24-build/installed-packages-arm64.txt | 1 + heroku-24/installed-packages-amd64.txt | 1 + heroku-24/installed-packages-arm64.txt | 1 + heroku-24/setup.sh | 1 + 11 files changed, 11 insertions(+) diff --git a/heroku-20-build/installed-packages.txt b/heroku-20-build/installed-packages.txt index 4658793d..a31089cb 100644 --- a/heroku-20-build/installed-packages.txt +++ b/heroku-20-build/installed-packages.txt @@ -127,6 +127,7 @@ libbsd-dev libbsd0 libbz2-1.0 libbz2-dev +libc-ares2 libc-bin libc-client2007e libc-client2007e-dev diff --git a/heroku-20/installed-packages.txt b/heroku-20/installed-packages.txt index fa1c0951..1dba6ee8 100644 --- a/heroku-20/installed-packages.txt +++ b/heroku-20/installed-packages.txt @@ -93,6 +93,7 @@ libblkid1 libbrotli1 libbsd0 libbz2-1.0 +libc-ares2 libc-bin libc-client2007e libc-dev-bin diff --git a/heroku-20/setup.sh b/heroku-20/setup.sh index ddf7c7a4..845ac1b9 100755 --- a/heroku-20/setup.sh +++ b/heroku-20/setup.sh @@ -53,6 +53,7 @@ packages=( libaom0 libargon2-1 libass9 + libc-ares2 # Used by PgBouncer in heroku-buildpack-pgbouncer. libc-client2007e libc6-dev libcairo2 diff --git a/heroku-22-build/installed-packages.txt b/heroku-22-build/installed-packages.txt index 7136b01c..f9a15f32 100644 --- a/heroku-22-build/installed-packages.txt +++ b/heroku-22-build/installed-packages.txt @@ -127,6 +127,7 @@ libbsd-dev libbsd0 libbz2-1.0 libbz2-dev +libc-ares2 libc-bin libc-client2007e libc-client2007e-dev diff --git a/heroku-22/installed-packages.txt b/heroku-22/installed-packages.txt index 72d4bfcc..2cecdea9 100644 --- a/heroku-22/installed-packages.txt +++ b/heroku-22/installed-packages.txt @@ -93,6 +93,7 @@ libbpf0 libbrotli1 libbsd0 libbz2-1.0 +libc-ares2 libc-bin libc-client2007e libc-dev-bin diff --git a/heroku-22/setup.sh b/heroku-22/setup.sh index 8d6acabb..2bbe9eb8 100755 --- a/heroku-22/setup.sh +++ b/heroku-22/setup.sh @@ -53,6 +53,7 @@ packages=( libaom3 libargon2-1 libass9 + libc-ares2 # Used by PgBouncer in heroku-buildpack-pgbouncer. libc-client2007e libc6-dev libcairo2 diff --git a/heroku-24-build/installed-packages-amd64.txt b/heroku-24-build/installed-packages-amd64.txt index 1861ca0a..bea18d99 100644 --- a/heroku-24-build/installed-packages-amd64.txt +++ b/heroku-24-build/installed-packages-amd64.txt @@ -127,6 +127,7 @@ libcairo2-dev libcap-ng0 libcap2 libcap2-bin +libcares2 libcbor0.10 libcc1-0 libcfitsio10t64 diff --git a/heroku-24-build/installed-packages-arm64.txt b/heroku-24-build/installed-packages-arm64.txt index 5953d26a..760bd492 100644 --- a/heroku-24-build/installed-packages-arm64.txt +++ b/heroku-24-build/installed-packages-arm64.txt @@ -123,6 +123,7 @@ libcairo2-dev libcap-ng0 libcap2 libcap2-bin +libcares2 libcbor0.10 libcc1-0 libcfitsio10t64 diff --git a/heroku-24/installed-packages-amd64.txt b/heroku-24/installed-packages-amd64.txt index fa6e2b3d..af199855 100644 --- a/heroku-24/installed-packages-amd64.txt +++ b/heroku-24/installed-packages-amd64.txt @@ -79,6 +79,7 @@ libcairo2 libcap-ng0 libcap2 libcap2-bin +libcares2 libcbor0.10 libcfitsio10t64 libcgif0 diff --git a/heroku-24/installed-packages-arm64.txt b/heroku-24/installed-packages-arm64.txt index 3029a59b..a9372efb 100644 --- a/heroku-24/installed-packages-arm64.txt +++ b/heroku-24/installed-packages-arm64.txt @@ -79,6 +79,7 @@ libcairo2 libcap-ng0 libcap2 libcap2-bin +libcares2 libcbor0.10 libcfitsio10t64 libcgif0 diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index 8dc161de..3be4666f 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -54,6 +54,7 @@ packages=( libargon2-1 # Used by the PHP runtime. libass9 # Used by FFmpeg in heroku-buildpack-activestorage-preview. libc-client2007e # Used by the PHP IMAP extension. + libcares2 # Used by PgBouncer in heroku-buildpack-pgbouncer. libdav1d7 # Used by FFmpeg in heroku-buildpack-activestorage-preview. libev4 libevent-2.1-7 # Used by PgBouncer in heroku-buildpack-pgbouncer. From 63870ed1a66e290111aa369df4d024354fcd7353 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Wed, 22 May 2024 23:03:30 +0100 Subject: [PATCH 24/25] Add `jq` to the run image for all stacks (#308) So that Heroku Exec's init script can use it instead of Python's `json` module for extracting keys out of the Heroku Exec service API JSON response. JQ was already in the build image, so this is a no-op for the build images, and only increases the run image size by ~470KB. See: https://gus.lightning.force.com/lightning/r/0D5EE00001l4DXC0A2/view https://packages.ubuntu.com/noble/jq GUS-W-15832128. --- heroku-20-build/setup.sh | 1 - heroku-20/installed-packages.txt | 2 ++ heroku-20/setup.sh | 1 + heroku-22-build/setup.sh | 1 - heroku-22/installed-packages.txt | 2 ++ heroku-22/setup.sh | 1 + heroku-24-build/setup.sh | 1 - heroku-24/installed-packages-amd64.txt | 2 ++ heroku-24/installed-packages-arm64.txt | 2 ++ heroku-24/setup.sh | 1 + 10 files changed, 11 insertions(+), 3 deletions(-) diff --git a/heroku-20-build/setup.sh b/heroku-20-build/setup.sh index 6d865919..24dbc156 100755 --- a/heroku-20-build/setup.sh +++ b/heroku-20-build/setup.sh @@ -13,7 +13,6 @@ packages=( cmake gettext git - jq libacl1-dev libapt-pkg-dev libargon2-dev diff --git a/heroku-20/installed-packages.txt b/heroku-20/installed-packages.txt index 1dba6ee8..60fe7345 100644 --- a/heroku-20/installed-packages.txt +++ b/heroku-20/installed-packages.txt @@ -69,6 +69,7 @@ imagemagick-6.q16 init-system-helpers iproute2 iputils-tracepath +jq language-pack-en language-pack-en-base less @@ -187,6 +188,7 @@ libjbig0 libjbig2dec0 libjpeg-turbo8 libjpeg8 +libjq1 libjson-c4 libk5crypto3 libkeyutils1 diff --git a/heroku-20/setup.sh b/heroku-20/setup.sh index 845ac1b9..fa8a5681 100755 --- a/heroku-20/setup.sh +++ b/heroku-20/setup.sh @@ -48,6 +48,7 @@ packages=( imagemagick iproute2 iputils-tracepath + jq # Used by Heroku Exec at run time, and buildpacks at build time. language-pack-en less libaom0 diff --git a/heroku-22-build/setup.sh b/heroku-22-build/setup.sh index a95dba27..1a367c34 100755 --- a/heroku-22-build/setup.sh +++ b/heroku-22-build/setup.sh @@ -13,7 +13,6 @@ packages=( cmake gettext git - jq libacl1-dev libapt-pkg-dev libargon2-dev diff --git a/heroku-22/installed-packages.txt b/heroku-22/installed-packages.txt index 2cecdea9..b07f49d3 100644 --- a/heroku-22/installed-packages.txt +++ b/heroku-22/installed-packages.txt @@ -68,6 +68,7 @@ imagemagick-6.q16 init-system-helpers iproute2 iputils-tracepath +jq language-pack-en language-pack-en-base less @@ -188,6 +189,7 @@ libjbig0 libjbig2dec0 libjpeg-turbo8 libjpeg8 +libjq1 libjson-c5 libk5crypto3 libkeyutils1 diff --git a/heroku-22/setup.sh b/heroku-22/setup.sh index 2bbe9eb8..d324c120 100755 --- a/heroku-22/setup.sh +++ b/heroku-22/setup.sh @@ -48,6 +48,7 @@ packages=( imagemagick iproute2 iputils-tracepath + jq # Used by Heroku Exec at run time, and buildpacks at build time. language-pack-en less libaom3 diff --git a/heroku-24-build/setup.sh b/heroku-24-build/setup.sh index 2d401e07..6dee8b50 100755 --- a/heroku-24-build/setup.sh +++ b/heroku-24-build/setup.sh @@ -12,7 +12,6 @@ packages=( cmake gettext # Internationalization utils used by Django, Rails etc. git - jq libargon2-dev libbsd-dev libbz2-dev diff --git a/heroku-24/installed-packages-amd64.txt b/heroku-24/installed-packages-amd64.txt index af199855..adfccd57 100644 --- a/heroku-24/installed-packages-amd64.txt +++ b/heroku-24/installed-packages-amd64.txt @@ -52,6 +52,7 @@ inetutils-telnet init-system-helpers iproute2 iputils-tracepath +jq keyboxd less libacl1 @@ -148,6 +149,7 @@ libjansson4 libjbig0 libjpeg-turbo8 libjpeg8 +libjq1 libjson-c5 libjxl0.7 libk5crypto3 diff --git a/heroku-24/installed-packages-arm64.txt b/heroku-24/installed-packages-arm64.txt index a9372efb..59d32249 100644 --- a/heroku-24/installed-packages-arm64.txt +++ b/heroku-24/installed-packages-arm64.txt @@ -52,6 +52,7 @@ inetutils-telnet init-system-helpers iproute2 iputils-tracepath +jq keyboxd less libacl1 @@ -148,6 +149,7 @@ libjansson4 libjbig0 libjpeg-turbo8 libjpeg8 +libjq1 libjson-c5 libjxl0.7 libk5crypto3 diff --git a/heroku-24/setup.sh b/heroku-24/setup.sh index 3be4666f..0d0f7db8 100755 --- a/heroku-24/setup.sh +++ b/heroku-24/setup.sh @@ -50,6 +50,7 @@ packages=( inetutils-telnet iproute2 # For `ip`, used by Heroku Exec. iputils-tracepath + jq # Used by Heroku Exec at run time, and buildpacks at build time. less libargon2-1 # Used by the PHP runtime. libass9 # Used by FFmpeg in heroku-buildpack-activestorage-preview. From 3e34d0256218054993217b0ad4d3297e30f058c6 Mon Sep 17 00:00:00 2001 From: Ed Morley <501702+edmorley@users.noreply.github.com> Date: Fri, 24 May 2024 11:28:40 +0100 Subject: [PATCH 25/25] Add `nano` to Heroku-20 and Heroku-22 (#309) Nano was added to Heroku-24 in: https://github.com/heroku/base-images/pull/284 This adds it to older stacks too, so that we don't have to: (a) check which stack an app is running and remember what packages come with that stack when debugging in eg a support ticket, (b) have to resort to using `ed` on older stacks This adds ~850KB to the run image for the older stacks. See: https://packages.ubuntu.com/jammy/nano https://packages.ubuntu.com/focal/nano --- heroku-20-build/installed-packages.txt | 1 + heroku-20/installed-packages.txt | 1 + heroku-20/setup.sh | 1 + heroku-22-build/installed-packages.txt | 1 + heroku-22/installed-packages.txt | 1 + heroku-22/setup.sh | 1 + 6 files changed, 6 insertions(+) diff --git a/heroku-20-build/installed-packages.txt b/heroku-20-build/installed-packages.txt index a31089cb..0a72fe41 100644 --- a/heroku-20-build/installed-packages.txt +++ b/heroku-20-build/installed-packages.txt @@ -543,6 +543,7 @@ mlock mount mtools mysql-common +nano ncurses-base ncurses-bin netbase diff --git a/heroku-20/installed-packages.txt b/heroku-20/installed-packages.txt index 60fe7345..1f832b61 100644 --- a/heroku-20/installed-packages.txt +++ b/heroku-20/installed-packages.txt @@ -342,6 +342,7 @@ mlock mount mtools mysql-common +nano ncurses-base ncurses-bin netbase diff --git a/heroku-20/setup.sh b/heroku-20/setup.sh index fa8a5681..de17bba2 100755 --- a/heroku-20/setup.sh +++ b/heroku-20/setup.sh @@ -129,6 +129,7 @@ packages=( locales lsb-release make + nano # More usable than ed but still much smaller than vim. netcat-openbsd openssh-client openssh-server diff --git a/heroku-22-build/installed-packages.txt b/heroku-22-build/installed-packages.txt index f9a15f32..04496170 100644 --- a/heroku-22-build/installed-packages.txt +++ b/heroku-22-build/installed-packages.txt @@ -542,6 +542,7 @@ mlock mount mtools mysql-common +nano ncurses-base ncurses-bin netbase diff --git a/heroku-22/installed-packages.txt b/heroku-22/installed-packages.txt index b07f49d3..1fcfb7bb 100644 --- a/heroku-22/installed-packages.txt +++ b/heroku-22/installed-packages.txt @@ -347,6 +347,7 @@ mlock mount mtools mysql-common +nano ncurses-base ncurses-bin netbase diff --git a/heroku-22/setup.sh b/heroku-22/setup.sh index d324c120..34cc3313 100755 --- a/heroku-22/setup.sh +++ b/heroku-22/setup.sh @@ -132,6 +132,7 @@ packages=( locales lsb-release make + nano # More usable than ed but still much smaller than vim. netcat-openbsd openssh-client openssh-server