Dockerfile: remove dnf cache to save space (#222)

Author: Wenzel

Dockerfile

@@ -21,8 +21,14 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # - Tools for creating a CRAFF image to load into a model
 # - Python, including checkers/linters
 # - Rust (will be on the PATH due to the ENV command above)
-RUN dnf -y update && \
-    dnf -y install \
+# hadolint ignore=DL3004,SC3009
+RUN <<EOF
+set -e
+# Update system packages
+dnf -y update
+
+# Install system dependencies
+dnf -y install \
     alsa-lib \
     atk \
     awk \
@@ -60,31 +66,52 @@ RUN dnf -y update && \
     python3 \
     python3-pip \
     vim \
-    yamllint && \
-    python3 -m pip install --no-cache-dir \
+    yamllint
+
+# Install Python packages
+python3 -m pip install --no-cache-dir \
     black==23.10.1 \
     flake8==6.1.0 \
     isort==5.12.0 \
     mypy==1.6.1 \
-    pylint==3.0.2 && \
-    curl https://sh.rustup.rs -sSf | bash -s -- --default-toolchain none -y
+    pylint==3.0.2
+
+# Install Rust
+curl https://sh.rustup.rs -sSf | bash -s -- --default-toolchain none -y
+
+# Clean up package manager cache
+dnf clean all
+rm -rf /var/cache/dnf/* /tmp/* /var/tmp/*
+EOF
 
 
 WORKDIR /workspace
 
 # Download and install public SIMICS. This installs all the public packages as well as the
 # ispm SIMICS package and project manager. ISPM will be on the path due to the ENV command
 # above
-RUN mkdir -p /workspace/simics/ispm/ && \
-    curl --noproxy '*.intel.com' -L -o /workspace/simics/ispm.tar.gz "${PUBLIC_SIMICS_ISPM_URL}" && \
-    curl --noproxy '*.intel.com' -L -o /workspace/simics/simics.ispm "${PUBLIC_SIMICS_PKGS_URL}" && \
-    tar -C /workspace/simics/ispm --strip-components=1 \
-    -xf /workspace/simics/ispm.tar.gz && \
-    ispm settings install-dir /workspace/simics && \
-    ispm packages --install-bundle /workspace/simics/simics.ispm --non-interactive \
-    --trust-insecure-packages && \
-    rm /workspace/simics/ispm.tar.gz /workspace/simics/simics.ispm && \
-    rm -rf /workspace/simics-6-packages/
+# hadolint ignore=DL3004,SC3009
+RUN <<EOF
+set -e
+# Create directories
+mkdir -p /workspace/simics/ispm/
+
+# Download SIMICS components
+curl --noproxy '*.intel.com' -L -o /workspace/simics/ispm.tar.gz "${PUBLIC_SIMICS_ISPM_URL}"
+curl --noproxy '*.intel.com' -L -o /workspace/simics/simics.ispm "${PUBLIC_SIMICS_PKGS_URL}"
+
+# Extract and install
+tar -C /workspace/simics/ispm --strip-components=1 -xf /workspace/simics/ispm.tar.gz
+rm /workspace/simics/ispm.tar.gz
+
+# Configure and install packages
+ispm settings install-dir /workspace/simics
+ispm packages --install-bundle /workspace/simics/simics.ispm --non-interactive --trust-insecure-packages
+
+# Clean up
+rm /workspace/simics/simics.ispm
+rm -rf /tmp/* /var/tmp/*
+EOF
 
 # Copy the local repository into the workspace
 COPY . /workspace/tsffs/
@@ -94,11 +121,20 @@ WORKDIR /workspace/tsffs/
 # Build the project by initializing it as a project associated with the local SIMICS installation
 # and building the module using the build script. Then, install the built TSFFS SIMICS
 # package into the local SIMICS installation for use.
-RUN cargo install cargo-simics-build && \
-    cargo simics-build -r && \
-    ispm packages \
-    -i target/release/*-linux64.ispm \
-    --non-interactive --trust-insecure-packages
+RUN <<EOF
+set -e
+# Install cargo-simics-build
+cargo install cargo-simics-build
+
+# Build the project
+cargo simics-build -r
+
+# Install the built package
+ispm packages -i target/release/*-linux64.ispm --non-interactive --trust-insecure-packages
+
+# Cleanup
+cargo clean
+EOF
 
 WORKDIR /workspace/projects/example/
 
@@ -111,17 +147,26 @@ WORKDIR /workspace/projects/example/
 # - A built EFI application (test.efi) which checks a password and crashes when it gets the
 #   password "fuzzing!"
 # - A SIMICS script that configures the fuzzer for the example and starts fuzzing it
-RUN ispm projects /workspace/projects/example/ --create \
+# hadolint ignore=DL3004,SC3009
+RUN <<EOF
+set -e
+# Create the example project
+ispm projects /workspace/projects/example/ --create \
     1000-${PUBLIC_SIMICS_PACKAGE_VERSION_1000} \
     2096-latest \
     8112-latest \
     1030-latest \
-    31337-latest --ignore-existing-files --non-interactive && \
-    cp /workspace/tsffs/examples/docker-example/fuzz.simics /workspace/projects/example/ && \
-    cp /workspace/tsffs/tests/rsrc/minimal_boot_disk.craff /workspace/projects/example/ && \
-    cp /workspace/tsffs/tests/rsrc/x86_64-uefi/* /workspace/projects/example/ && \
-    cp /workspace/tsffs/harness/tsffs.h /workspace/projects/example/ && \
-    ninja
+    31337-latest --ignore-existing-files --non-interactive
+
+# Copy required files
+cp /workspace/tsffs/examples/docker-example/fuzz.simics /workspace/projects/example/
+cp /workspace/tsffs/tests/rsrc/minimal_boot_disk.craff /workspace/projects/example/
+cp /workspace/tsffs/tests/rsrc/x86_64-uefi/* /workspace/projects/example/
+cp /workspace/tsffs/harness/tsffs.h /workspace/projects/example/
+
+# Build the project
+ninja
+EOF
 
 RUN echo 'echo "To run the demo, run ./simics -no-gui --no-win fuzz.simics"' >> /root/.bashrc
 
@@ -164,6 +209,30 @@ WORKDIR /workspace/tsffs
 
 FROM fedora:42@sha256:f357623dc40edf7803f21b2b954f92417f274a7370f82384ef13c73e08ce1727 AS tsffs-prod
 
+# Install minimal runtime dependencies only
+# hadolint ignore=DL3004,SC3009
+RUN <<EOF
+set -e
+# Update system packages
+dnf -y update
+
+# Install minimal runtime dependencies
+dnf -y install \
+    alsa-lib \
+    atk \
+    bash \
+    cups \
+    gtk3 \
+    mesa-libgbm \
+    openssl \
+    openssl-libs \
+    python3
+
+# Clean up package manager cache
+dnf clean all
+rm -rf /var/cache/dnf/* /tmp/* /var/tmp/*
+EOF
+
 COPY --from=tsffs-base /workspace/projects /workspace/projects
 COPY --from=tsffs-base /workspace/simics /workspace/simics
 COPY --from=tsffs-base /root/.bashrc /root/.bashrc